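// NOTE(review): this excerpt starts inside conditional blocks opened earlier in the file and ends
// inside the login branch; the brace structure below is kept exactly as it was given.
            // Clear the lockout state stored for this admin account, then go back to the ACP index.
            $db->update_query(
                "adminoptions",
                array('loginlockoutexpiry' => 0, 'loginattempts' => 0),
                "uid='" . (int) $user['uid'] . "'"
            );
            admin_redirect("index.php");
        } else {
            $error = $lang->error_invalid_token;
        }
    }

    $default_page->show_lockout_unlock($error, 'error');
} elseif ($mybb->input['do'] == "login") {
    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    // Validate PIN first
    if (!empty($config['secret_pin'])) {
        // Accept only a string that equals the configured PIN byte for byte. A loose != compares
        // numeric-looking strings by value, so "0123" and "123" would count as the same PIN.
        $expected_pin = (string) $config['secret_pin'];
        $submitted_pin = '';
        if (isset($mybb->input['pin']) && is_string($mybb->input['pin'])) {
            $submitted_pin = $mybb->input['pin'];
        }

        // Use a constant-time comparison where PHP provides one (5.6+); otherwise compare strictly.
        if (function_exists('hash_equals')) {
            $pin_ok = hash_equals($expected_pin, $submitted_pin);
        } else {
            $pin_ok = ($expected_pin === $submitted_pin);
        }

        if (!$pin_ok) {
            // NOTE(review): the credential check below still runs unless show_login() ends the
            // request -- confirm that it does.
            $default_page->show_login($lang->error_invalid_secret_pin, "error");
        }
    }

    $loginhandler->set_data(array(
        'username' => $mybb->input['username'],
        'password' => $mybb->input['password'],
    ));

    // Only a username AND password that both verify load the account into $mybb->user.
    if ($loginhandler->verify_username() !== false && $loginhandler->verify_password() !== false) {
        $mybb->user = get_user($loginhandler->login_data['uid']);
    }

    if ($mybb->user['uid']) {
        // The lockout check runs after the credentials have verified; a locked account is logged
        // and shown the lockout page.
        // NOTE(review): session creation below is skipped only if show_lockedout() ends the
        // request -- confirm that it does.
        if (login_attempt_check_acp($mybb->user['uid']) == true) {
            log_admin_action(array(
                'type' => 'admin_locked_out',
                'uid' => (int) $mybb->user['uid'],
                'username' => $mybb->user['username'],
            ));
            $default_page->show_lockedout();
        }

        // Drop any existing admin sessions for this account before creating the new one. The uid
        // is cast to int, as in the lockout reset above, so the WHERE clause never carries raw text.
        $db->delete_query("adminsessions", "uid='" . (int) $mybb->user['uid'] . "'");

        // The session id presumably identifies the admin session on later requests, so it has to
        // be unpredictable. md5(uniqid(microtime())) is derived from the clock; take the id from
        // the CSPRNG where PHP provides one (7.0+). random_bytes() throws if no entropy source is
        // available, which fails the login instead of issuing a weak id.
        if (function_exists('random_bytes')) {
            $sid = bin2hex(random_bytes(16)); // 32 hex characters, same shape as the md5() value
        } else {
            $sid = md5(uniqid(microtime(true), true));
        }

        // The User-Agent header is optional and client-controlled: default to an empty string
        // when it is absent and cap the stored value at 100 characters.
        $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        if (my_strlen($useragent) > 100) {
            $useragent = my_substr($useragent, 0, 100);
        }

        // Create a new admin session for this user
        $admin_session = array(
            "sid" => $sid,
            "uid" => $mybb->user['uid'],
            "loginkey" => $mybb->user['loginkey'],
            "ip" => $db->escape_binary(my_inet_pton(get_ip())),
            "dateline" => TIME_NOW,
            "lastactive" => TIME_NOW,
            "data" => serialize(array()),
            "useragent" => $db->escape_string($useragent),
        );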