    $msg = "[color=red]Security alert[/color]\n Account: ID=" . $row['id'] . " Somebody (probably you, " . $username . " !) tried to login but failed!" . "\nTheir [b]Ip Address [/b] was : " . $ip . "\n If this wasn't you please report this event to a {$INSTALLER09['site_name']} staff member\n - Thank you.\n";
    $sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '{$to}', " . sqlesc($msg) . ", " . sqlesc($subject) . ", {$added});";
    $res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
    stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$INSTALLER09['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
    bark();
}
////Start IP logger ////
// Every value below passes through sqlesc() before being interpolated into SQL.
// $ip, $added and $userid are script-level globals; code after this excerpt may reuse them.
$ip = sqlesc(getip());
$added = sqlesc(time());
$userid = sqlesc($row["id"]);
// NOTE(review): this lookup calls mysql_query() directly while the writes below go
// through the project's sql_query() wrapper — confirm both use the same connection.
$res = mysql_query("SELECT * FROM ips WHERE ip ={$ip} AND userid ={$userid}") or die(mysql_error());
if (mysql_num_rows($res) == 0) {
    // First login seen from this address: record it with type 'Login'.
    sql_query("INSERT INTO ips (userid, ip, lastlogin, type) VALUES ({$userid}, {$ip} , {$added}, 'Login')") or die(mysql_error());
} else {
    // Known address: only refresh the last-login timestamp.
    sql_query("UPDATE ips SET lastlogin = {$added} where ip={$ip} AND userid = {$userid}") or sqlerr(__FILE__, __LINE__);
}
//// End Ip logger /////
// Disabled accounts are rejected only after the IP has been logged above, so the
// attempt is still recorded; bark() is expected to end the script.
if ($row['enabled'] == 'no') {
    bark($lang['tlogin_disabled']);
}
// Cookie value is md5(passhash . client IP): the issued session is tied to the
// address the user logged in from.
$passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
logincookie($row["id"], $passh);
// Per-session SSL opt-in: rewrite the base URL scheme when this request is not already HTTPS.
// NOTE(review): str_replace('http', 'https', ...) on an already https:// base URL
// yields "httpss://" — confirm baseurl is always http:// when this runs.
if (isset($_POST['use_ssl']) && $_POST['use_ssl'] == 1 && !isset($_SERVER['HTTPS'])) {
    $INSTALLER09['baseurl'] = str_replace('http', 'https', $INSTALLER09['baseurl']);
}
// Permanent SSL preference is stored on the user row (ssluse = 2). $row['id'] comes
// from the users table, not from the request, and is concatenated without sqlesc().
if (isset($_POST['perm_ssl']) && $_POST['perm_ssl'] == 1) {
    mysql_query('UPDATE users SET ssluse = 2 WHERE id = ' . $row['id']) or sqlerr(__FILE__, __LINE__);
}
// A successful login clears the failed-login counter for this address.
$ip = sqlesc(getip());
sql_query("DELETE FROM failedlogins WHERE ip = {$ip}");
// NOTE(review): no exit() follows the redirect in this excerpt; anything after this
// line still executes before the client is redirected.
header("Location: {$INSTALLER09['baseurl']}/index.php");
 }
 // mkglobal() is expected to lift the named POST fields into globals; abort when any is missing.
 if (!mkglobal("email:chpassword:passagain:chmailpass:secretanswer")) {
     stderr("Error", $lang['takeeditcp_no_data']);
 }
 // Password change is optional: an empty field leaves secret/passhash untouched.
 if ($chpassword != "") {
     // strlen() counts bytes, so the 40 limit is a byte limit, not a character limit.
     if (strlen($chpassword) > 40) {
         stderr("Error", $lang['takeeditcp_pass_long']);
     }
     if ($chpassword != $passagain) {
         stderr("Error", $lang['takeeditcp_pass_not_match']);
     }
     // A fresh per-user secret is generated on every change; the stored value is
     // make_passhash(secret, md5(password)), so the raw password is never stored.
     $secret = mksecret();
     $passhash = make_passhash($secret, md5($chpassword));
     $updateset[] = "secret = " . sqlesc($secret);
     $updateset[] = "passhash = " . sqlesc($passhash);
     // Re-issue the login cookie right away so the current session survives the
     // hash rotation; the cookie value is bound to the client IP.
     logincookie($CURUSER["id"], md5($passhash . $_SERVER["REMOTE_ADDR"]));
 }
 // Changing the address requires it to be unused AND the current password
 // ($chmailpass) to re-verify; both failures share a single error message.
 if ($email != $CURUSER["email"]) {
     if (!validemail($email)) {
         stderr("Error", $lang['takeeditcp_not_valid_email']);
     }
     // @ hides driver warnings; a failed query is still reported via "or sqlerr()".
     $r = @sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
     if (mysql_num_rows($r) > 0 || $CURUSER["passhash"] != make_passhash($CURUSER['secret'], md5($chmailpass))) {
         stderr("Error", $lang['takeeditcp_address_taken']);
     }
     $changedemail = 1;
 }
 if ($secretanswer != '') {
     if (strlen($secretanswer) > 40) {
         stderr("Sorry", "secret answer is too long (max is 40 chars)");
     }
    stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
}
// TIMEZONE STUFF
// Accept the posted offset only if it is a small signed decimal (e.g. "-5.5");
// otherwise fall back to the site default, or 0.
if (isset($_POST["user_timezone"]) && preg_match('#^\\-?\\d{1,2}(?:\\.\\d{1,2})?$#', $_POST['user_timezone'])) {
    $time_offset = sqlesc($_POST['user_timezone']);
} else {
    $time_offset = isset($TBDEV['time_offset']) ? sqlesc($TBDEV['time_offset']) : '0';
}
// have a stab at getting dst parameter?
// NOTE(review): $time_offset is the sqlesc()'d value; if sqlesc() wraps numerics in
// quotes this multiplication runs on a quoted string — confirm what sqlesc() returns.
$dst_in_use = localtime(time() + $time_offset * 3600, true);
// TIMEZONE STUFF END
// Per-user secret; the stored hash is md5(secret . password . secret).
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
// $arr[0] is set before this excerpt (presumably an existing-user count): when it is
// falsy the new account gets no editsecret, the sysop class and 'confirmed' status.
$editsecret = !$arr[0] ? "" : mksecret();
// String columns go through sqlesc() via array_map; the numeric columns are appended raw.
$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, status, " . (!$arr[0] ? "class, " : "") . "added, time_offset, dst_in_use) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, !$arr[0] ? 'confirmed' : 'pending'))) . ", " . (!$arr[0] ? UC_SYSOP . ", " : "") . "" . time() . " , {$time_offset}, {$dst_in_use['tm_isdst']})");
if (!$ret) {
    // 1062 is MySQL's duplicate-key error (username already taken).
    if (mysql_errno() == 1062) {
        stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']);
    }
    stderr($lang['takesignup_user_error'], $lang['takesignup_fatal_error']);
}
$id = mysql_insert_id();
//write_log("User account $id ($wantusername) was created");
// The confirmation link carries md5(editsecret) rather than the secret itself.
$psecret = md5($editsecret);
$body = str_replace(array('<#SITENAME#>', '<#USEREMAIL#>', '<#IP_ADDRESS#>', '<#REG_LINK#>'), array($TBDEV['site_name'], $email, $_SERVER['REMOTE_ADDR'], "{$TBDEV['baseurl']}/confirm.php?id={$id}&secret={$psecret}"), $lang['takesignup_email_body']);
// Normal signup: mail the confirmation link (extra mail headers come from config,
// not from user input). First account: log in immediately.
if ($arr[0]) {
    mail($email, "{$TBDEV['site_name']} {$lang['takesignup_confirm']}", $body, "{$lang['takesignup_from']} {$TBDEV['site_email']}");
} else {
    logincookie($id, $wantpasshash);
}
header("Refresh: 0; url=ok.php?type=" . (!$arr[0] ? "sysop" : "signup&email=" . urlencode($email)));
// | Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA            |
// +--------------------------------------------------------------------------+
// |                                               Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require_once "include/bittorrent.php";
// Both inputs come straight from the query string: the id is forced to an integer,
// the secret is only cast to string (no length or charset check here).
$id = intval($_GET["id"]);
$md5 = strval($_GET["secret"]);
if (!$id) {
    httperr();
}
dbconn();
// $id is an int here, so interpolating it is safe.
$res = sql_query("SELECT passhash, editsecret, status FROM users WHERE id = {$id}");
$row = mysql_fetch_array($res);
if (!$row) {
    httperr();
}
// Already-confirmed accounts are just bounced to the "confirmed" page.
if ($row["status"] != "pending") {
    header("Location: ok.php?type=confirmed");
    exit;
}
// The expected key is md5(hash_pad(editsecret)).
$sec = hash_pad($row["editsecret"]);
// NOTE(review): != is a loose comparison — two numeric-looking strings (e.g. both
// starting "0e") compare as numbers. hash_equals($md5, md5($sec)) is the strict,
// constant-time form.
if ($md5 != md5($sec)) {
    httperr();
}
// The status predicate makes confirmation single-use: a repeat request affects
// 0 rows and is rejected below.
sql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id = {$id} AND status = 'pending'");
if (!mysql_affected_rows()) {
    httperr();
}
// Confirming also logs the user in; the cookie carries the stored passhash directly.
logincookie($id, $row["passhash"]);
header("Location: ok.php?type=confirm");
if (!$id) {
    httperr();
}
dbconn();
// $id and $confirm_md5 are set before this excerpt; the id is escaped with sqlesc() here.
$res = sql_query("SELECT passhash, secret, editsecret, status FROM users WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
if (!$row) {
    httperr();
}
if ($row["status"] != "pending") {
    header("Refresh: 0; url=ok.php?type=confirmed");
    exit;
}
// Here the confirmation key is derived from the user's main `secret` column.
$confirm_sec = hash_pad($row["secret"]);
// NOTE(review): loose != on two digest strings; hash_equals() would be strict and constant-time.
if ($confirm_md5 != md5($confirm_sec)) {
    httperr();
}
// AND status='pending' makes this single-use; 0 affected rows means a repeat request.
sql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=" . sqlesc($id) . " AND status='pending'") or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows()) {
    httperr();
}
// $securelogin is not set in this excerpt. "yes" binds the cookie hash to the
// client IP; otherwise the cookie value is md5(passhash) alone.
if ($securelogin == "yes") {
    $securelogin_indentity_cookie = true;
    $passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
} else {
    $securelogin_indentity_cookie = false;
    $passh = md5($row["passhash"]);
}
// NOTE(review): the SELECT above does not fetch `id`, so $row["id"] looks undefined
// here; the already-validated $id is probably what was intended.
// 0x7fffffff (largest 32-bit signed value) is presumably the cookie lifetime.
logincookie($row["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie);
//sessioncookie($row["id"], $passh,false);
header("Refresh: 0; url=ok.php?type=confirm");
// "securelogin" ties the cookie hash to the client IP. Note this reads the raw POST
// field, while the scheme choice below also honours a $securelogin variable set
// outside this excerpt.
if ($_POST["securelogin"] == "yes") {
    $securelogin_indentity_cookie = true;
    $passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
} else {
    $securelogin_indentity_cookie = false;
    $passh = md5($row["passhash"]);
}
// Scheme for the post-login redirect, plus the $ssl flag handed to logincookie().
if ($securelogin == 'yes' || $_POST["ssl"] == "yes") {
    $pprefix = "https://";
    $ssl = true;
} else {
    $pprefix = "http://";
    $ssl = false;
}
// $securetracker is set before this excerpt.
if ($securetracker == 'yes' || $_POST["trackerssl"] == "yes") {
    $trackerssl = true;
} else {
    $trackerssl = false;
}
// "logout" = yes gives a short-lived (900 s) cookie; otherwise the lifetime is
// 0x7fffffff (largest 32-bit signed value), effectively permanent.
if ($_POST["logout"] == "yes") {
    logincookie($row["id"], $passh, 1, 900, $securelogin_indentity_cookie, $ssl, $trackerssl);
    //sessioncookie($row["id"], $passh,true);
} else {
    logincookie($row["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie, $ssl, $trackerssl);
    //sessioncookie($row["id"], $passh,false);
}
// NOTE(review): returnto is appended to the site base URL unvalidated — the host is
// fixed by $BASEURL but the path is caller-chosen. No exit() follows either header()
// in this excerpt.
if (!empty($_POST["returnto"])) {
    header("Location: " . $pprefix . "{$BASEURL}/{$_POST['returnto']}");
} else {
    header("Location: " . $pprefix . "{$BASEURL}/index.php");
}
require_once "include/bittorrent.php";
require_once "include/user_functions.php";
$lang = array_merge(load_language('global'), load_language('confirm'));
// Query-string inputs, defaulted so a missing key raises no notice.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$md5 = isset($_GET['secret']) ? $_GET['secret'] : '';
if (!is_valid_id($id)) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
}
// The key must be exactly 32 word characters (\w also admits "_", so this is a
// little looser than a hex-only check).
if (!preg_match("/^(?:[\\d\\w]){32}\$/", $md5)) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_key']}");
}
dbconn();
// $id is an int here, so the interpolation is safe. @ hides driver warnings; a
// failed query simply yields no row below.
$res = @mysql_query("SELECT passhash, editsecret, status FROM users WHERE id = {$id}");
$row = @mysql_fetch_assoc($res);
if (!$row) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
}
if ($row['status'] != 'pending') {
    header("Refresh: 0; url={$TBDEV['baseurl']}/ok.php?type=confirmed");
    exit;
}
// The expected key is md5(hash_pad(editsecret)).
$sec = hash_pad($row['editsecret']);
// NOTE(review): loose != on two digest strings; hash_equals($md5, md5($sec)) is the
// strict, constant-time form.
if ($md5 != md5($sec)) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_cannot_confirm']}");
}
// status='pending' in the WHERE makes confirmation single-use; 0 affected rows is an error.
@mysql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id={$id} AND status='pending'");
if (!mysql_affected_rows()) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_cannot_confirm']}");
}
// Confirming also logs the user in with the stored passhash as cookie value.
logincookie($id, $row['passhash']);
header("Refresh: 0; url={$TBDEV['baseurl']}/ok.php?type=confirm");
    }
    // A login is attempted only when both fields were posted. The username predicate
    // in the query is masked ("******") on this page, so its escaping cannot be
    // reviewed here.
    if (isset($_POST["uid"]) && isset($_POST["pwd"])) {
        $res = $db->query("SELECT * FROM users WHERE username = '******'");
        $row = $res->fetch_array(MYSQLI_BOTH);
        if (!$row) {
            // Unknown user gets a different message from wrong password (below), which
            // reveals whether a username exists.
            standardheader("Login");
            print "<br /><br /><div align='center'><font size='2' color='#FF0000'>" . ERR_USERNAME_INCORRECT . "</font></div>";
            login();
        } elseif (md5($row["random"] . $row["password"] . $row["random"]) != md5($row["random"] . md5($pwd) . $row["random"])) {
            // Both sides are md5(random . X . random), so this reduces to
            // stored password == md5($pwd): an unsalted md5 of the password.
            // $pwd is not assigned in this excerpt.
            standardheader("Login");
            print "<br /><br /><div align='center'><font size='2' color='#FF0000'>" . ERR_PASSWORD_INCORRECT . "</font></div>";
            login();
        } else {
            // Per-login hash bound to the client IP is stored on the row; the cookie
            // value additionally mixes in the site-wide $GLOBALS["salting"].
            $db->query("UPDATE users SET loginhash = '" . md5(vars::$ip . $row['password']) . "' WHERE id = " . (int) $row['id']);
            $salted = md5($GLOBALS["salting"] . $row["random"] . $row["password"] . $row["random"]);
            logincookie((int) $row["id"], $salted);
            // NOTE(review): html_safe() escapes for HTML output only; it does not restrict
            // where returnto points — confirm redirect() validates the target.
            if (isset($_GET["returnto"])) {
                $url = security::html_safe(urldecode($_GET["returnto"]));
            } else {
                $url = "index.php";
            }
            redirect($url);
        }
    } else {
        // Nothing posted: just render the login form.
        standardheader("Login");
        login();
        exit;
    }
} else {
    if (isset($_GET["returnto"])) {
        $url = security::html_safe(urldecode($_GET["returnto"]));
}
// $set = array();
// SET clauses collected here feed a single UPDATE built after this excerpt.
$updateset = array();
$changedemail = 0;
// $chpassword, $passagain, $email and $chmailpass are populated before this excerpt.
if ($chpassword != "") {
    // strlen() is byte-based; the 40 limit is on bytes, not characters.
    if (strlen($chpassword) > 40) {
        bark("Sorry, password is too long (max is 40 chars)");
    }
    if ($chpassword != $passagain) {
        bark("The passwords didn't match. Try again.");
    }
    // New per-user secret; the stored hash is md5(secret . password . secret).
    $sec = mksecret();
    $passhash = md5($sec . $chpassword . $sec);
    $updateset[] = "secret = " . sqlesc($sec);
    $updateset[] = "passhash = " . sqlesc($passhash);
    // Re-issue the cookie so the current session survives the rotation; the cookie
    // value is the hash itself, with no IP binding.
    logincookie($CURUSER["id"], $passhash);
}
// Changing the address requires it to be unused and the current password to
// re-verify; a single message covers both failures.
if ($email != $CURUSER["email"]) {
    if (!validemail($email)) {
        bark("That doesn't look like a valid email address.");
    }
    $r = mysql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
    if (mysql_num_rows($r) > 0 || $CURUSER["passhash"] != md5($CURUSER["secret"] . $chmailpass . $CURUSER["secret"])) {
        bark("Could not change email, address already taken or password mismatch.");
    }
    $changedemail = 1;
}
// PM preferences. acceptpms is read without isset(), unlike the three below, so a
// missing field raises an undefined-key warning.
$acceptpms = $_POST["acceptpms"];
$deletepms = isset($_POST["deletepms"]) ? "yes" : "no";
$savepms = isset($_POST['savepms']) && $_POST["savepms"] != "" ? "yes" : "no";
$pmnotif = isset($_POST["pmnotif"]) ? $_POST["pmnotif"] : '';
     $smf_pass = sha1(strtolower($user) . $pwd);
 }
 // The username predicate is masked ("******") on this page. SMF forum columns are
 // joined only when $FORUMLINK is "smf".
 $res = do_sqlquery("SELECT u.id, u.random, u.password" . ($FORUMLINK == "smf" ? ", u.smf_fid, s.passwd, s.passwordSalt" : "") . " FROM {$TABLE_PREFIX}users u " . ($FORUMLINK == "smf" ? "LEFT JOIN {$db_prefix}members s ON u.smf_fid=s.ID_MEMBER" : "") . " WHERE u.username ='******'", true);
 $row = mysql_fetch_array($res);
 if (!$row) {
     // Unknown user and wrong password (below) produce distinct template flags and
     // messages, which reveals whether a username exists.
     $logintpl->set("FALSE_USER", true, true);
     $logintpl->set("FALSE_PASSWORD", false, true);
     $logintpl->set("login_username_incorrect", $language["ERR_USERNAME_INCORRECT"]);
     login();
 } elseif (md5($row["random"] . $row["password"] . $row["random"]) != md5($row["random"] . md5($pwd) . $row["random"])) {
     // Both sides are md5(random . X . random), so this reduces to
     // stored password == md5($pwd). $pwd is not assigned in this excerpt.
     $logintpl->set("FALSE_USER", false, true);
     $logintpl->set("FALSE_PASSWORD", true, true);
     $logintpl->set("login_password_incorrect", $language["ERR_PASSWORD_INCORRECT"]);
     login();
 } else {
     // Cookie value is derived from the stored hash wrapped in the per-user random.
     logincookie($row["id"], md5($row["random"] . $row["password"] . $row["random"]));
     if ($FORUMLINK == "smf" && $smf_pass == $row["passwd"]) {
         set_smf_cookie($row["smf_fid"], $row["passwd"], $row["passwordSalt"]);
     } elseif ($FORUMLINK == "smf" && $row["password"] == $row["passwd"]) {
         // Forum row still holds the tracker hash: migrate it to the SMF scheme.
         // NOTE(review): rand() is not a CSPRNG; random_bytes()/random_int() is the
         // appropriate source for a salt. $smf_pass and $salt are hex digests, so
         // interpolating them is character-safe; $row["smf_fid"] is appended raw.
         $salt = substr(md5(rand()), 0, 4);
         @mysql_query("UPDATE {$db_prefix}members SET passwd='{$smf_pass}', passwordSalt='{$salt}' WHERE ID_MEMBER=" . $row["smf_fid"]);
         set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
     }
     // NOTE(review): returnto is only urldecode()d before use — confirm redirect()
     // restricts the target to same-site paths.
     if (isset($_GET["returnto"])) {
         $url = urldecode($_GET["returnto"]);
     } else {
         $url = "index.php";
     }
     redirect($url);
     die;
 }
    // The hash is computed before the emptiness check, so passhash() also runs on
    // an empty password.
    $password = passhash($_POST["password"]);
    if (!empty($_POST["username"]) && !empty($_POST["password"])) {
        // The username predicate is masked ("******") on this page.
        $res = SQL_Query_exec("SELECT id, password, secret, status, enabled FROM users WHERE username = "******"username"]) . "");
        $row = mysql_fetch_assoc($res);
        // Unknown user and wrong password share one message (no username enumeration).
        // NOTE(review): != is a loose comparison of two hashes; hash_equals() would be
        // strict and constant-time.
        if (!$row || $row["password"] != $password) {
            $message = T_("LOGIN_INCORRECT");
        } elseif ($row["status"] == "pending") {
            $message = T_("ACCOUNT_PENDING");
        } elseif ($row["enabled"] == "no") {
            $message = T_("ACCOUNT_DISABLED");
        }
    } else {
        $message = T_("NO_EMPTY_FIELDS");
    }
    // NOTE(review): when every check passes $message is never assigned here, so this
    // relies on an undefined variable being falsy (a warning in PHP 8) unless it is
    // initialised before this excerpt.
    if (!$message) {
        // Cookie carries the stored hash and the per-user secret.
        logincookie($row["id"], $row["password"], $row["secret"]);
        // NOTE(review): returnto is used verbatim as the redirect target, so the
        // destination is caller-controlled (open redirect); restrict it to local paths.
        if (!empty($_POST["returnto"])) {
            header("Refresh: 0; url=" . $_POST["returnto"]);
            die;
        } else {
            header("Refresh: 0; url=index.php");
            die;
        }
    } else {
        show_error_msg(T_("ACCESS_DENIED"), $message, 1);
    }
}
// Login page rendering: drop any existing login cookie first, then emit the header.
logoutcookie();
stdhead(T_("LOGIN"));
if ($nowarn) {
    show_error_msg(T_("ERROR"), $nowarn, 0);
}
session_start();
// Captcha gate: $captcha is set before this excerpt. The comparison upper-cases the
// user's answer and is loose (!=); an unset session value also fails the check.
// NOTE(review): captcha_id is not cleared after the check in this excerpt, so the
// same answer stays valid until the session value changes — confirm it is reset.
if (empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha)) {
    header('Location: login.php');
    exit;
}
dbconn();
$lang = array_merge(load_language('global'), load_language('takelogin'));
function bark($text = 'Username or password incorrect')
{
    // Render the shared "login failed" error page: the title comes from the
    // loaded language table, the body is $text.
    stderr($GLOBALS['lang']['tlogin_failed'], $text);
}
// The username predicate is masked ("******") on this page. Only confirmed accounts
// are considered; $password is set before this excerpt.
$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = "******" AND status = 'confirmed'");
$row = mysql_fetch_assoc($res);
// Unknown user and wrong password share the default bark() message.
if (!$row) {
    bark();
}
// Stored hash is md5(secret . password . secret). NOTE(review): != is a loose
// comparison of two digests — hash_equals() is the strict, constant-time form.
if ($row['passhash'] != md5($row['secret'] . $password . $row['secret'])) {
    bark();
}
if ($row['enabled'] == 'no') {
    bark($lang['tlogin_disabled']);
}
// Cookie value is the stored passhash (no IP binding in this variant).
logincookie($row['id'], $row['passhash']);
// Disabled returnto handling left in place; the redirect is fixed to my.php.
//$returnto = str_replace('&amp;', '&', htmlspecialchars($_POST['returnto']));
//$returnto = $_POST['returnto'];
//if (!empty($returnto))
//header("Location: ".$returnto);
//else
// NOTE(review): no exit() follows the redirect in this excerpt.
header("Location: {$TBDEV['baseurl']}/my.php");
 $changedemail = 0;
 // mkglobal() is expected to lift the named POST fields into globals.
 if (!mkglobal("email:chpassword:passagain:secretanswer")) {
     bark("missing form data");
 }
 // Optional password change; an empty field keeps the current secret/passhash.
 if ($chpassword != "") {
     // strlen() is byte-based; the 40 limit is on bytes, not characters.
     if (strlen($chpassword) > 40) {
         bark("Sorry, password is too long (max is 40 chars)");
     }
     if ($chpassword != $passagain) {
         bark("The passwords didn't match. Try again.");
     }
     // New per-user secret; the stored hash is md5(secret . password . secret).
     $sec = mksecret();
     $passhash = md5($sec . $chpassword . $sec);
     $updateset[] = "secret = " . sqlesc($sec);
     $updateset[] = "passhash = " . sqlesc($passhash);
     // Re-issue the cookie (hash bound to the client IP) so the session survives the rotation.
     logincookie($CURUSER['id'], md5($passhash . $_SERVER['REMOTE_ADDR']));
 }
 // Email change checks only validity and uniqueness; no password re-verification
 // is required here.
 if ($email != $CURUSER["email"]) {
     if (!validemail($email)) {
         bark("That doesn't look like a valid email address.");
     }
     $r = mysql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
     if (mysql_num_rows($r) > 0) {
         bark("The e-mail address you entered is already in use.");
     }
     $changedemail = 1;
 }
 // /////////secret hint and answer by neptune///////////
 if ($secretanswer != '') {
     if (strlen($secretanswer) > 40) {
         bark("Sorry, secret answer is too long (max is 40 chars)");
}
// The key must be exactly 32 word characters (\w also admits "_"). $md5, $id, $lang
// and $mc1 are set before this excerpt.
if (!preg_match("/^(?:[\\d\\w]){32}\$/", $md5)) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_key']}");
}
dbconn();
// mysqli-based variant; $id is escaped with sqlesc() rather than interpolated raw.
$res = sql_query("SELECT passhash, editsecret, status FROM users WHERE id =" . sqlesc($id));
$row = mysqli_fetch_assoc($res);
if (!$row) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
}
if ($row['status'] != 'pending') {
    header("Refresh: 0; url={$INSTALLER09['baseurl']}/ok.php?type=confirmed");
    exit;
}
// The key is compared against the stored editsecret itself (no hash step), so the
// secret travels in the confirmation URL.
$sec = $row['editsecret'];
// NOTE(review): loose != comparison; hash_equals($md5, $sec) would be strict and constant-time.
if ($md5 != $sec) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_cannot_confirm']}");
}
sql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=" . sqlesc($id) . " AND status='pending'");
// Update the two (presumably cache-backed) copies of the user row so the new
// status is visible without waiting for expiry.
$mc1->begin_transaction('MyUser_' . $id);
$mc1->update_row(false, array('status' => 'confirmed'));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $id);
$mc1->update_row(false, array('status' => 'confirmed'));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
// NOTE(review): the affected-rows check runs after both cached copies were already
// marked confirmed; on a 0-row UPDATE the cache and the database now disagree.
if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
    stderr("{$lang['confirm_user_error']}", "{$lang['confirm_cannot_confirm']}");
}
// Cookie hash is bound to the client IP.
$passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
logincookie($id, $passh);
header("Refresh: 0; url={$INSTALLER09['baseurl']}/ok.php?type=confirm");
 if ($row["password"] == $passtype[$row["pass_type"]]["hash"]) {
     // We have a correct password entry
     // If stored password type is not the same as the current set type
     if ($row["pass_type"] != $btit_settings["secsui_pass_type"]) {
         // We need to update the password
         do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `password`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["rehash"]) . "', `salt`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["salt"]) . "', `pass_type`='" . mysqli_real_escape_string($DBDT, $btit_settings["secsui_pass_type"]) . "', `dupe_hash`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["dupehash"]) . "' WHERE `id`=" . $row["id"], true);
         // And update the values we got from the database earlier
         $row["pass_type"] = $btit_settings["secsui_pass_type"];
         $row["password"] = $passtype[$btit_settings["secsui_pass_type"]]["rehash"];
         $row["salt"] = $passtype[$btit_settings["secsui_pass_type"]]["salt"];
     }
     // If we've reached this point we can set the cookies
     // call the logoutcookie function for good measure, just in case we have some old cookies that need destroying.
     logoutcookie();
     // Then login
     logincookie($row, $user);
     if (substr($FORUMLINK, 0, 3) == "smf" && $smf_pass == $row["passwd"]) {
         $new_smf_salt = substr(md5(rand()), 0, 4);
         do_sqlquery("UPDATE `{$db_prefix}members` SET " . ($FORUMLINK == "smf" ? "`passwordSalt`" : "`password_salt`") . "='" . $new_smf_salt . "' WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $row["smf_fid"], true);
         set_smf_cookie($row["smf_fid"], $row["passwd"], $new_smf_salt);
     } elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["pass_type"] == 1 && $row["password"] == $row["passwd"]) {
         $salt = substr(md5(rand()), 0, 4);
         do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$smf_pass}', " . ($FORUMLINK == "smf" ? "`passwordSalt`='{$salt}' WHERE `ID_MEMBER`" : "`password_salt`='{$salt}' WHERE `id_member`") . "=" . $row["smf_fid"]);
         set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
     } elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["passwd"] == "ffffffffffffffffffffffffffffffffffffffff") {
         $fix_pass = smf_passgen($user, $pwd);
         do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='" . $fix_pass[0] . "', " . ($FORUMLINK == "smf" ? "`passwordSalt`='" . $fix_pass[1] . "' WHERE `ID_MEMBER`" : "`password_salt`='" . $fix_pass[1] . "' WHERE `id_member`") . "=" . $row["smf_fid"]);
         set_smf_cookie($row["smf_fid"], $fix_pass[0], $fix_pass[1]);
     } elseif ($FORUMLINK == "ipb") {
         if ($row["members_pass_hash"] == "ffffffffffffffffffffffffffffffff") {
             if (!defined('IPS_ENFORCE_ACCESS')) {
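/**
 * Log a user in from an external CC98 account id.
 *
 * Looks up the local user row bound to $cc98_id with a prepared statement,
 * issues the login cookie and renders a success page that refreshes to "/".
 * When no row is bound, renders the "no associated account" error instead.
 * Both paths end the script with die.
 *
 * @param string $cc98_id external account identifier (bound as a string parameter)
 */
function dologon($cc98_id)
{
    global $res;
    $user_lang = get_current_user_lang();
    $sql = new_mysqli();
    // Prepared statement: $cc98_id never becomes part of the SQL text.
    $query = $sql->prepare('SELECT `id`, `passhash`, `username` FROM `users` WHERE `cc98id` = ?');
    $query->bind_param('s', $cc98_id);
    $query->execute();
    $query->bind_result($id, $passhash, $username);
    // fetch() fills the bound variables and is truthy only when a row matched;
    // the statement is released either way.
    $found = $query->fetch();
    $query->close();
    if (!$found) {
        // No local account is associated with this id.
        stderr($res['msg_no_associated_account_title'], $res['msg_no_associated_account_text']);
        die;
    }
    // Cookie value is md5 of the stored passhash (no IP binding here).
    logincookie($id, md5($passhash));
    ?>
<meta http-equiv="refresh" content="3; url=/" />
<?php 
    $title = $res['msg_logon_success_title'];
    $msg = MessageFormatter::formatMessage($user_lang, $res['msg_logon_success_text'], array($username));
    stdhead($title);
    stdmsg($title, $msg);
    stdfoot();
    // A stray `break;` used to follow here; outside a loop or switch it is a
    // compile-time error on PHP 7+, and it was unreachable after die anyway.
    die;
}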
//print_r($_POST);exit();
require_once "include/bittorrent.php";
// mkglobal() is expected to lift the posted username/password into globals; a
// missing field ends the script silently, with no error page.
if (!mkglobal("username:password")) {
    die;
}
session_start();
dbconn();
function bark($text = "Username or password incorrect")
{
    // Hand the failure to the shared error page: fixed title, caller-supplied body.
    $title = "Login failed!";
    stderr($title, $text);
}
// The username predicate is masked ("******") on this page, so its escaping cannot
// be reviewed here. $password comes from mkglobal() above.
$res = mysql_query("SELECT id, passhash, secret, enabled,status FROM users WHERE username = "******"");
$row = mysql_fetch_assoc($res);
// Unknown user and wrong password both yield the default bark() message.
if (!$row) {
    bark();
}
// Stored hash is md5(secret . password . secret). NOTE(review): != is a loose
// comparison of two digest strings — hash_equals() is the strict, constant-time form.
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) {
    bark();
}
if ($row["status"] == "pending") {
    bark('You have not confirmed your email address yet. More information is <a href="faq.php#user1">here</a>.');
}
if ($row["enabled"] == "no") {
    bark("This account has been disabled.");
}
// Cookie value is the stored passhash (no IP binding in this variant).
logincookie($row["id"], $row["passhash"]);
// NOTE(review): returnto is used verbatim as the Location target, so the post-login
// destination is caller-controlled (open redirect); restrict it to same-site paths.
// No exit() follows either header() in this excerpt.
if (!empty($_POST["returnto"])) {
    header("Location: {$_POST['returnto']}");
} else {
    header("Location: browse.php");
}
     $updateset[] = "secret = " . sqlesc($sec);
     $updateset[] = "passhash = " . sqlesc($passhash);
     //die($securelogin . base64_decode($_COOKIE["c_secure_login"]));
     if ($_COOKIE["c_secure_login"] == base64("yeah")) {
         $passh = md5($passhash . $_SERVER["REMOTE_ADDR"]);
         $securelogin_indentity_cookie = true;
     } else {
         $passh = md5($passhash);
         $securelogin_indentity_cookie = false;
     }
     if ($_COOKIE["c_secure_ssl"] == base64("yeah")) {
         $ssl = true;
     } else {
         $ssl = false;
     }
     logincookie($CURUSER["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie, $ssl);
     //sessioncookie($CURUSER["id"], $passh);
     $passupdated = 1;
 }
 if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
     if (EmailBanned($email)) {
         bark($lang_usercp['std_email_address_banned']);
     }
     if (!EmailAllowed($email)) {
         bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
     }
     if (!validemail($email)) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
         die;
     }
     $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
    // $user (set before this excerpt) is presumably the external profile object; the
    // address is SQL-escaped first and then validated against the regex below.
    $email = mysqli_real_escape_string($DBDT, $user->email);
    $regex = "/^[_+a-z0-9-]+(\\.[_+a-z0-9-]+)*" . "@[a-z0-9-]+(\\.[a-z0-9-]{1,})*" . "\\.([a-z]{2,}){1}\$/i";
    if (!preg_match($regex, $email)) {
        stderr($language["SORRY"], "E-mail is not valid");
        exit;
    }
    // Optional policy: accounts whose level grants admin_access may not use this
    // e-mail-only login path.
    if ($btit_settings["fbadmin"]) {
        $res2 = do_sqlquery("SELECT `ul`.`admin_access` FROM `{$TABLE_PREFIX}users` `u` INNER JOIN `{$TABLE_PREFIX}users_level` `ul` ON `u`.`id_level`=`ul`.`id` WHERE `u`.`email` ='" . $email . "'", true);
        $row2 = mysqli_fetch_assoc($res2);
        if ($row2["admin_access"] == "yes") {
            stderr($language["SORRY"], "I'm sorry Staff are not allowed to log in this way");
            exit;
        }
    }
    // The local account is selected by e-mail alone — the external login is what
    // authenticates the user here. Forum columns are joined for SMF or IPB
    // depending on $FORUMLINK.
    $res = do_sqlquery("SELECT `u`.`salt`, `u`.`pass_type`, `u`.`username`, `u`.`id`, `u`.`random`, `u`.`password`" . (substr($FORUMLINK, 0, 3) == "smf" ? ", `u`.`smf_fid`, `s`.`passwd`" : ($FORUMLINK == "ipb" ? ", `u`.`ipb_fid`, `i`.`members_pass_hash`, `i`.`members_pass_salt`, `i`.`name`, `i`.`member_group_id`" : "")) . " FROM `{$TABLE_PREFIX}users` `u` " . (substr($FORUMLINK, 0, 3) == "smf" ? "LEFT JOIN `{$db_prefix}members` `s` ON `u`.`smf_fid`=`s`." . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "" : ($FORUMLINK == "ipb" ? "LEFT JOIN `{$ipb_prefix}members` `i` ON `u`.`ipb_fid`=`i`.`member_id`" : "")) . " WHERE `u`.`email` ='" . $email . "'", true);
    $row = mysqli_fetch_assoc($res);
    if (!$row) {
        stderr($language["SORRY"], "You can not log in, your e-mail used with Facebook does not correspond with the e-mail you used here");
        exit;
    } else {
        logoutcookie();
        // Argument order for this project's logincookie(): whole row first, then the username.
        logincookie($row, $row["username"]);
        // NOTE(review): neither `emailAddress` nor `passwordSalt` is in the column list
        // selected above, so this SMF branch reads undefined keys — verify against the query.
        if (substr($FORUMLINK, 0, 3) == "smf" && $email == $row["emailAddress"]) {
            set_smf_cookie($row["smf_fid"], $row["passwd"], $row["passwordSalt"]);
        } elseif ($FORUMLINK == "ipb") {
            set_ipb_cookie($row["ipb_fid"], $row["name"], $row["member_group_id"]);
        }
        // $url is set before this excerpt.
        redirect($url);
        die;
    }
}