Example #1
/**
 * Show the error page with the given message, then stop the script.
 *
 * The message is assigned to the template variable "errmsg" unchanged.
 * NOTE(review): whether it is HTML-escaped depends on error.tpl, which is
 * not visible here - confirm before passing request-derived text.
 *
 * @param mixed $errmsg Message handed to the template (presumably a string).
 * @return void Does not return; execution ends after the template is shown.
 */
function renderError($errmsg)
{
    $templateFile = "error.tpl";
    $view = sminit($templateFile, null, "profiles", false, false);
    $view->assign("errmsg", $errmsg);
    $view->display($templateFile, null);
    exit;
}
// Open (or resume) the PHP session before any $_SESSION access.
session_start();

// "Remember me": copy the session's username and userid into persistent cookies.
// This runs before the login branch below fills $_SESSION, so on the login
// request itself the values come from an earlier request or are unset.
// NOTE(review): only name, value, expiry and path are passed, so setcookie()'s
// secure and httponly arguments stay at their defaults (false). If the "-id"
// value is later accepted as a remember-me credential, it should be sent
// HttpOnly and, on HTTPS sites, Secure.
if (isset($_POST['remember'])) {
    setcookie(
        THcookieid . "-uname",
        $_SESSION['username'],
        time() + THprofile_cookietime,
        THprofile_cookiepath
    );
    setcookie(
        THcookieid . "-id",
        $_SESSION['userid'],
        time() + THprofile_cookietime,
        THprofile_cookiepath
    );
}

// Default the requested action to the empty string so later comparisons never
// hit an undefined index.
$_GET['action'] = isset($_GET['action']) ? $_GET['action'] : '';

// Profile database interface used by the action handlers that follow.
$db = new ThornProfileDBI();
// Login action: prepare the login template and, when credentials were posted,
// authenticate them and populate the session. (This listing is cut off inside
// the branch; the comments cover only the visible lines.)
if ($_GET['action'] == "login") {
    $sm = sminit("login.tpl", null, "profiles", false, false);
    // Three POST parameters:
    // $_POST['name'], $_POST['password'], $_POST['remember']
    if (isset($_POST['name']) && isset($_POST['password'])) {
        // The raw POST values go straight to the DB layer; password verification
        // and any escaping happen inside getuserdata_login, which is not shown.
        $userdata = $db->getuserdata_login($_POST['name'], $_POST['password']);
        // Loose comparison: any value that == NULL (null, false, an empty array,
        // ...) is treated as a failed login.
        if ($userdata != NULL) {
            // NOTE(review): no session_regenerate_id() call is visible between
            // session_start() and these assignments, so the pre-login session ID
            // appears to be kept after authentication (session fixation risk) -
            // confirm it is not regenerated elsewhere.
            $_SESSION['username'] = $userdata['username'];
            // userid is a freshly generated value rather than a field of $userdata.
            // NOTE(review): the top of this script copies it into the "-id" cookie,
            // so its unpredictability depends on generateRandID() (not shown) -
            // confirm it draws from a CSPRNG.
            $_SESSION['userid'] = generateRandID();
            // Privilege fields are copied from the user record into the session.
            $_SESSION['userlevel'] = $userdata['userlevel'];
            $_SESSION['admin'] = $userdata['mod_admin'];
            $_SESSION['mod_array'] = $userdata['mod_array'];
            $_SESSION['mod_global'] = $userdata['mod_global'];
            // Either a global moderator flag or a non-empty per-board value marks
            // the session as a moderator session.
            if ($userdata['mod_global'] || $userdata['mod_array']) {
                $_SESSION['moderator'] = true;
Example #2
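/**
 * Check the user's login status based on the stored remember-me cookies
 * and the state of their $_SESSION variables.
 *
 * - No remember-me cookies: nothing is changed (an existing session is kept).
 * - Cookies present but rejected by the database lookup: both cookies are
 *   expired and every login-related session variable is removed.
 * - Cookies accepted and no session username yet: the session is filled
 *   from the user record.
 *
 * The cookie pair acts as a login credential; how the "-id" value is
 * compared is decided inside getuserdata_cookielogin(), which is not
 * visible here.
 *
 * @return void
 */
function checklogin()
{
    // Build the cookie names from the THcookieid constant, the same way they
    // are written and read elsewhere. The previous check used the quoted
    // string 'THcookieid', i.e. it tested differently named cookies than the
    // ones it then read.
    $unameCookie = THcookieid . "-uname";
    $idCookie = THcookieid . "-id";

    if (!isset($_COOKIE[$unameCookie], $_COOKIE[$idCookie])) {
        // No remember-me cookies: session data is deliberately left untouched.
        return;
    }

    // verify login information
    $db = new ThornProfileDBI();
    $userdata = $db->getuserdata_cookielogin($_COOKIE[$unameCookie], $_COOKIE[$idCookie]);

    if ($userdata == null) {
        // No dice: expire both cookies by giving them a past expiry time.
        setcookie($unameCookie, "", time() - THprofile_cookietime, THprofile_cookiepath);
        setcookie($idCookie, "", time() - THprofile_cookietime, THprofile_cookiepath);

        // Drop every session variable the login paths set. mod_global is
        // included so that a stale global-moderator flag cannot survive a
        // rejected cookie login.
        unset(
            $_SESSION['username'],
            $_SESSION['userid'],
            $_SESSION['userlevel'],
            $_SESSION['admin'],
            $_SESSION['moderator'],
            $_SESSION['mod_array'],
            $_SESSION['mod_global']
        );
        return;
    }

    if (!isset($_SESSION['username'])) {
        // Valid cookie login but no session data yet: rebuild the session
        // from the user record.
        // NOTE(review): $_SESSION['userid'] is not restored here although the
        // reset branch above clears it - confirm no caller relies on it.
        $_SESSION['username'] = $userdata['username'];
        $_SESSION['userlevel'] = $userdata['userlevel'];
        $_SESSION['admin'] = $userdata['mod_admin'];
        $_SESSION['mod_array'] = $userdata['mod_array'];
        $_SESSION['mod_global'] = $userdata['mod_global'];
        if ($userdata['mod_global'] || $userdata['mod_array']) {
            $_SESSION['moderator'] = true;
        }
    }
}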
Example #3
    // Apply the submitted filter form: each existing filter row is either
    // deleted (its "del<id>" field was posted with a truthy value) or
    // overwritten with the posted fields.
    // NOTE(review): neither an admin-session check nor an anti-CSRF token check
    // is visible in this fragment - confirm both run earlier in the file before
    // this state-changing code.
    foreach ($filters as $filt) {
        // Read without isset(): an absent "del<id>" field raises an
        // undefined-index notice/warning and is treated as false.
        if ($_POST['del' . $filt['id']]) {
            $db->deleteBCW(THbcw_filter, $filt['id']);
            // Record the deletion in the "admin" log.
            $actionstring = "WF delete\tid:" . $filt['id'];
            writelog($actionstring, "admin");
        } else {
            // The row id that gets updated is the posted "id<id>" value (cast to
            // int), not $filt['id'], so the request decides which row is written.
            // from/to/notes are passed on unmodified; escaping or parameter
            // binding must happen inside updateBCW, which is not shown.
            $filter = array('id' => (int) $_POST['id' . $filt['id']], 'from' => $_POST['from' . $filt['id']], 'to' => $_POST['to' . $filt['id']], 'notes' => $_POST['notes' . $filt['id']]);
            $db->updateBCW(THbcw_filter, $filter['id'], $filter['from'], $filter['to'], $filter['notes']);
        }
    }
    rebuild_filters();
    // Redirect back to the admin page.
    // NOTE(review): header() does not stop execution; any code after the
    // surrounding if/elseif chain still runs - confirm nothing sensitive
    // follows, or terminate the script after the redirect.
    header("Location: " . THurl . "admin.php?a=w");
} elseif ($_GET['t'] == "au") {
    $errorstring = "";
    if (isset($_POST['user'])) {
        $profile_dbi = new ThornProfileDBI();
        // This encapsulates the DB queries we need
        $username = trim($_POST['user']);
        $password = trim($_POST['password']);
        $email = trim($_POST['email']);
        // Name validation
        // Check if the account exists
        if ($profile_dbi->userexists($username) == true) {
            $errorstring .= "Sorry, an account with this name already exists.<br />\n";
        }
        if (!preg_match('/^([\\w\\.])+$/i', $username)) {
            $errorstring .= "Sorry, your name must be alphanumeric and contain no spaces.<br />\n";
        }
        // Password validation
        if ($password) {
            $passlength = strlen($password);