/**
 * Render the "error.tpl" template with the given message and stop the script.
 *
 * The message is assigned to the template variable "errmsg" unchanged.
 * NOTE(review): whether it is HTML-escaped depends on error.tpl, which is not
 * visible here. Confirm before passing request-derived text.
 *
 * @param mixed $errmsg Message made available to the template as "errmsg".
 * @return void Never returns normally; execution ends with die.
 */
function renderError($errmsg) {
    $sm = sminit("error.tpl", null, "profiles", false, false);
    $sm->assign("errmsg", $errmsg);
    $sm->display("error.tpl", null);
    die;
}

session_start();

// "Remember me": copy the session's username and userid into two cookies named
// after THcookieid, valid for THprofile_cookietime seconds on THprofile_cookiepath.
// setcookie() is called with four arguments, so domain, secure and httponly keep
// their defaults (secure = false, httponly = false).
// NOTE(review): this runs before the login branch below, so on the request that
// submits the login form the values come from whatever the session already held,
// not from the login about to be checked. Confirm the cookies are issued with the
// post-login values somewhere outside this excerpt.
if (isset($_POST['remember'])) {
    setcookie(THcookieid . "-uname", $_SESSION['username'], time() + THprofile_cookietime, THprofile_cookiepath);
    setcookie(THcookieid . "-id", $_SESSION['userid'], time() + THprofile_cookietime, THprofile_cookiepath);
}

// Default the action so the comparisons below never read an undefined index.
if (!isset($_GET['action'])) {
    $_GET['action'] = '';
}

$db = new ThornProfileDBI();

if ($_GET['action'] == "login") {
    $sm = sminit("login.tpl", null, "profiles", false, false);
    // Three POST parameters:
    // $_POST['name'], $_POST['password'], $_POST['remember']
    if (isset($_POST['name']) && isset($_POST['password'])) {
        // The raw POST values go straight to the profile DB layer; credential
        // checking and any query escaping happen inside getuserdata_login(),
        // which is not visible here.
        $userdata = $db->getuserdata_login($_POST['name'], $_POST['password']);
        // Loose comparison: false, 0, "" and an empty array are treated like NULL.
        if ($userdata != NULL) {
            // NOTE(review): no session_regenerate_id() call is visible between the
            // successful credential check and these assignments. Confirm the session
            // id is rotated on login so a pre-login session id cannot be reused.
            $_SESSION['username'] = $userdata['username'];
            // A newly generated id is stored per login. This is the value the
            // "remember" block above sends as the "-id" cookie.
            // NOTE(review): generateRandID() is defined elsewhere; confirm it draws
            // from a CSPRNG (random_bytes/random_int), since the id acts as a login token.
            $_SESSION['userid'] = generateRandID();
            $_SESSION['userlevel'] = $userdata['userlevel'];
            $_SESSION['admin'] = $userdata['mod_admin'];
            $_SESSION['mod_array'] = $userdata['mod_array'];
            $_SESSION['mod_global'] = $userdata['mod_global'];
            // Any moderator right, global or per-board, sets the generic moderator flag.
            if ($userdata['mod_global'] || $userdata['mod_array']) {
                $_SESSION['moderator'] = true;
                // (the excerpt ends here; the enclosing blocks are closed outside this view)
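/**
 * Check the user's login status based on the stored login cookies and the
 * state of their $_SESSION variables, and set the session vars as appropriate.
 *
 * - Both cookies present but rejected by the database: the cookies are expired
 *   and every login-related session key is removed.
 * - Both cookies present and accepted, but the session has no username: the
 *   session is repopulated from the stored user record.
 * - Otherwise (cookies missing, or session already populated): nothing changes.
 *
 * The cookie names are built from the THcookieid constant everywhere in this
 * function. The presence check previously used the string literal 'THcookieid',
 * so it tested a different cookie name than the one read and expired below.
 *
 * @return void
 */
function checklogin()
{
    $unameCookie = THcookieid . "-uname";
    $idCookie = THcookieid . "-id";

    if (!isset($_COOKIE[$unameCookie]) || !isset($_COOKIE[$idCookie])) {
        // No login cookies: leave the session as it is. (The original listing
        // carries a disabled branch that cleared the session in this case.)
        return;
    }

    // Verify the cookie pair against the stored login data. The comparison
    // itself happens inside getuserdata_cookielogin(), which is not visible here.
    $db = new ThornProfileDBI();
    $userdata = $db->getuserdata_cookielogin($_COOKIE[$unameCookie], $_COOKIE[$idCookie]);

    if ($userdata == null) {
        // Rejected: expire both cookies by moving their expiry into the past.
        setcookie($unameCookie, "", time() - THprofile_cookietime, THprofile_cookiepath);
        setcookie($idCookie, "", time() - THprofile_cookietime, THprofile_cookiepath);

        // Drop every login-related session key, including mod_global, which the
        // restore branch below sets; leaving it behind would keep a privilege
        // flag in a session whose login was just invalidated.
        unset(
            $_SESSION['username'],
            $_SESSION['userid'],
            $_SESSION['userlevel'],
            $_SESSION['admin'],
            $_SESSION['moderator'],
            $_SESSION['mod_array'],
            $_SESSION['mod_global']
        );
        return;
    }

    if (isset($_SESSION['username'])) {
        // Valid cookies and an existing session login: nothing to do.
        return;
    }

    // Valid cookie login but no session data: rebuild the session from the
    // stored record.
    // NOTE(review): $_SESSION['userid'] is not restored here; confirm whether
    // later code expects it, and whether the session id should be regenerated
    // when privileges are re-established from a cookie.
    $_SESSION['username'] = $userdata['username'];
    $_SESSION['userlevel'] = $userdata['userlevel'];
    $_SESSION['admin'] = $userdata['mod_admin'];
    $_SESSION['mod_array'] = $userdata['mod_array'];
    $_SESSION['mod_global'] = $userdata['mod_global'];
    if ($userdata['mod_global'] || $userdata['mod_array']) {
        $_SESSION['moderator'] = true;
    }
}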
foreach ($filters as $filt) { if ($_POST['del' . $filt['id']]) { $db->deleteBCW(THbcw_filter, $filt['id']); $actionstring = "WF delete\tid:" . $filt['id']; writelog($actionstring, "admin"); } else { $filter = array('id' => (int) $_POST['id' . $filt['id']], 'from' => $_POST['from' . $filt['id']], 'to' => $_POST['to' . $filt['id']], 'notes' => $_POST['notes' . $filt['id']]); $db->updateBCW(THbcw_filter, $filter['id'], $filter['from'], $filter['to'], $filter['notes']); } } rebuild_filters(); header("Location: " . THurl . "admin.php?a=w"); } elseif ($_GET['t'] == "au") { $errorstring = ""; if (isset($_POST['user'])) { $profile_dbi = new ThornProfileDBI(); // This encapsulates the DB queries we need $username = trim($_POST['user']); $password = trim($_POST['password']); $email = trim($_POST['email']); // Name validation // Check if the account exists if ($profile_dbi->userexists($username) == true) { $errorstring .= "Sorry, an account with this name already exists.<br />\n"; } if (!preg_match('/^([\\w\\.])+$/i', $username)) { $errorstring .= "Sorry, your name must be alphanumeric and contain no spaces.<br />\n"; } // Password validation if ($password) { $passlength = strlen($password);