Example #1
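 /**
  * Check a staff login and, on success, set the two login cookies.
  *
  * The account row is looked up by the escaped username, then the submitted
  * password is verified with SaguaroCryptLegacy::compare_hash() against the
  * stored hash and public salt. Every failed attempt is handed to storeBad().
  * Unknown user and wrong password give the same result, so the return value
  * does not reveal which usernames exist.
  *
  * @param string $usernm Username as submitted by the client (untrusted).
  * @param string $passwd Password as submitted by the client (untrusted).
  * @return bool True when the credentials match, false otherwise.
  */
 function doLogin($usernm, $passwd)
 {
     global $mysql;

     // Escape before the value is placed inside the quoted SQL literal below.
     $usernm = $mysql->escape_string($usernm);

     // The lookup has to be keyed on the submitted username; a fixed literal in
     // the WHERE clause can never select the account that is logging in.
     $check = $mysql->fetch_assoc("SELECT user,password,public_salt FROM " . SQLMODSLOG . " WHERE user='" . $usernm . "'");

     // Treat false, null and an empty row alike: no usable account row means the
     // login fails before any hash comparison is attempted.
     if (empty($check)) {
         // NOTE(review): the submitted password reaches storeBad() unhashed. If
         // storeBad() persists it, the failed-login records will hold near-miss
         // versions of real passwords — confirm it is hashed or dropped there.
         $this->storeBad($usernm, $passwd);
         //$this->error(S_WRONGPASS);
         return false;
     }

     // Username exists: hash the given password and compare.
     require_once CORE_DIR . '/crypt/legacy.php';
     $crypt = new SaguaroCryptLegacy();
     if (!$crypt->compare_hash($passwd, $check['password'], $check['public_salt'])) {
         $this->storeBad($usernm, $passwd);
         //$this->error(S_WRONGPASS);
         return false;
     }

     // NOTE(review): saguaro_apass carries the stored password hash. If later
     // requests are authenticated by comparing this cookie with the table,
     // the hash is as good as the password to anyone who reads the cookie or
     // the row — a random server-side session token avoids that. Both cookies
     // are also sent without the Secure and HttpOnly flags; the disabled
     // arguments below would have set httponly=true but secure=false.
     //setcookie(name,value,expire,path,domain,secure,httponly);
     setcookie('saguaro_auser', $check['user'], 0);
     //, '/', SITE_ROOT_BD, false, true);
     setcookie('saguaro_apass', $check['password'], 0);
     //, '/', SITE_ROOT_BD, false, true);
     return true;
 }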
Example #2
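 /**
  * Create a staff account with one of three fixed permission tiers.
  *
  * Only a caller for whom valid('admin') is true may add staff. The password
  * is hashed with SaguaroCryptLegacy::generate_hash() and stored together
  * with its public salt; the allowed/denied lists come from the fixed table
  * below, never from the caller.
  *
  * The defaults on the first three parameters have no practical effect,
  * because $perm is required and follows them.
  *
  * @param string $user  Username for the new account (untrusted form input).
  * @param string $pass1 Password.
  * @param string $pass2 Password confirmation; must be identical to $pass1.
  * @param string $perm  One of 'admin', 'mod' or 'janitor'.
  * @return void
  */
 function addStaff($user = 0, $pass1 = 0, $pass2 = 0, $perm)
 {
     global $mysql;

     // error() is assumed to stop the request. The explicit returns keep this
     // method fail-closed if it ever does not: no check below may fall through
     // to the INSERT.
     if (!valid('admin')) {
         error("Permission denied");
         return;
     }

     $safeUser = $mysql->escape_string($user);
     if ($this->isStaff($safeUser)) {
         error("This user already exists!");
         return;
     }

     switch ($perm) {
         case 'admin':
             $allowed = 'janitor_board,moderator,admin';
             $denied = 'none';
             break;
         case 'mod':
             $allowed = 'janitor_board,moderator';
             $denied = 'admin';
             break;
         case 'janitor':
             $allowed = 'janitor_board';
             // NOTE(review): unlike the other lists this one has a space after
             // the comma — confirm the permission parser tolerates it.
             $denied = 'moderator, admin';
             break;
         default:
             error("Attempted to set unknown permission type.");
             return;
     }

     if ($pass1 !== $pass2) {
         error("Passwords did not match!");
         return;
     }
     // Two empty (or missing) passwords are identical too; refuse them so a
     // privileged account is never created without a password.
     if (!is_string($pass2) || $pass2 === '') {
         error("A password is required.");
         return;
     }

     require_once CORE_DIR . "/crypt/legacy.php";
     $crypt = new SaguaroCryptLegacy();
     // generate_hash() returns both the hash and the public salt.
     $credentials = $crypt->generate_hash($pass2);

     // Every value that did not originate as a literal in this method is
     // escaped, including the hash and salt, so the statement does not depend
     // on the character set generate_hash() happens to emit.
     $mysql->query("INSERT INTO " . SQLMODSLOG . " (`user`, `password`, `public_salt`, `allowed`, `denied`) VALUES ('" . $safeUser . "', '" . $mysql->escape_string($credentials['hash']) . "', '" . $mysql->escape_string($credentials['public_salt']) . "', '" . $allowed . "', '" . $denied . "')");
 }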
Example #3
         // Installer step: create every table that does not exist yet, then seed
         // the default staff accounts. The enclosing function starts outside
         // this excerpt, so $mysqli, $success, $fail, $loaded and $defaults are
         // defined elsewhere.
         //
         // $tables maps a table name to the column list used in CREATE TABLE.
         // NOTE(review): loginattempts has a passattempt column. If the password
         // submitted on a failed login is written there verbatim, the table
         // holds near-miss passwords in clear text — confirm what is stored.
         $tables = [SQLLOG => "primary key(no), no int not null auto_increment, now text, name text, email text, sub text, com text, host text, pwd text, ext text, w int, h int, tn_w int, tn_h int, tim text, time int, md5 text, fsize int, fname text, sticky int, permasage int, locked int, root  timestamp, resto int, board text", SQLBANLOG => "num INT(25) PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(25), active INT(1),  placedon VARCHAR(25), expires VARCHAR(25), board VARCHAR(50), type VARCHAR (2), reason VARCHAR(500), staffnotes VARCHAR(500) ", SQLMODSLOG => "user VARCHAR(25), password VARCHAR(250), public_salt VARCHAR(256), allowed VARCHAR(250), denied VARCHAR(250), PRIMARY KEY (user), UNIQUE KEY (user)", SQLDELLOG => "postno VARCHAR(250) PRIMARY KEY, imgonly VARCHAR(25), board VARCHAR(250), name VARCHAR(250), sub VARCHAR(50), com VARCHAR(" . S_POSTLENGTH . "), img VARCHAR(250), filename VARCHAR(250), admin VARCHAR(100)", "reports" => "num VARCHAR(250) PRIMARY KEY, no VARCHAR(25), board  VARCHAR(250), type VARCHAR(250), time TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ip VARCHAR(250)", "loginattempts" => "userattempt VARCHAR(25) PRIMARY KEY, passattempt VARCHAR(250), board VARCHAR(250), ip VARCHAR(250), attemptno VARCHAR(50)", "rebuildqueue" => "board char(4) NOT NULL, no int(11) NOT NULL, ownedby int(11) NOT NULL default '0', ts timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (board,no,ownedby)"];
         foreach ($tables as $table => $query) {
             // LIKE treats `_` and `%` in the name as wildcards, so a table with
             // a similar name can make this report "already exists".
             $sql = "SHOW TABLES LIKE '{$table}'";
             // mysqli_query() returns false on failure; that case is not
             // checked before the result is used below.
             $q = mysqli_query($mysqli, $sql);
             $exists = mysqli_num_rows($q) > 0 ? true : false;
             if ($exists) {
                 echo "<strong>{$table}</strong> table already exists.<br>";
             } else {
                 echo "<strong>{$table}</strong> table does not exist, creating... ";
                 // Table name and column list are spliced in directly; both come
                 // from the $tables literal above and the configured constants.
                 $status = mysqli_query($mysqli, "CREATE TABLE {$table} ({$query})");
                 echo $status ? $success : "(" . mysqli_errno($mysqli) . ") " . $fail;
             }
             mysqli_free_result($q);
         }
         // Default accounts are only seeded when the crypt library was loaded,
         // so no account is ever inserted with an unhashed password.
         if ($loaded['crypt']) {
             $crypt = new SaguaroCryptLegacy();
             echo "<br>Creating default accounts:<br>";
             // NOTE(review): the passwords come from $defaults, defined outside
             // this excerpt. If they are fixed, published defaults, they should
             // be changed right after installation — confirm how they are set.
             foreach ($defaults as $account) {
                 // generate_hash() returns an array with 'hash' and 'public_salt'
                 // (both are read in the INSERT below).
                 $password = $crypt->generate_hash($account['pass']);
                 //Generate password hash and public salt with SaguaroCrypt.
                 //$pass = ($autolock === true) ? "<span class='spoiler'>" . $account['pass'] . "</span>" : "";
                 // $pass is only assigned in the disabled line above; unless it is
                 // set earlier, outside this excerpt, it is undefined here.
                 // Account fields are echoed into HTML unescaped — acceptable only
                 // if $defaults is fixed installer data (verify).
                 echo "<strong>" . $account['name'] . "</strong> {$pass} (<span class='info' title='Privileges'>" . $account['priv'] . "</span> / <span class='info' title='Denied'>" . $account['deny'] . "</span>) ";
                 // Values are interpolated into the statement without escaping;
                 // this relies on $defaults and the generated hash and salt
                 // containing no quote characters.
                 $status = mysqli_query($mysqli, "INSERT INTO " . SQLMODSLOG . " (user, password, public_salt, allowed, denied) VALUES ('{$account['name']}', '{$password['hash']}', '{$password['public_salt']}', '{$account['priv']}', '{$account['deny']}')");
                 // 1062 is MySQL's duplicate-key error: the account was created by
                 // an earlier run, which is reported separately from a real failure.
                 $unfail = mysqli_errno($mysqli) == 1062 ? "<span class='fail'>ALREADY EXISTS</span><br>" : $fail;
                 echo $status ? $success : "(" . mysqli_errno($mysqli) . ") " . $unfail;
             }
         } else {
             // The tooltip below says passwords are "encrypted"; the code above
             // calls generate_hash(), so what is stored is presumably a salted
             // hash rather than reversible ciphertext.
             echo "<br><strong class='info' title='" . CORE_DIR . "/crypt/legacy.php'>SaguaroCrypt</strong> was not loaded, cannot create default accounts. <span class='info' title='SaguaroCrypt is used to encrypt passwords in the database.' style='font-style:italic;'>Why?</span>";
         }
     }
 }