Example #1
 /**
  * Handle a lost-password request for the username in $FORM['u'].
  *
  * When the lookup returns an e-mail address, a 'lost_pw' session is created,
  * its id is exposed to the templates as $TMPL['sid'], the 'lost_pw_email'
  * skin is mailed to that address and the 'lost_pw_finish' skin becomes the
  * page content. Otherwise the "invalid username" error is shown.
  *
  * NOTE(review): the two outcomes are distinguishable to the requester, so
  * this form confirms whether a username exists; a uniform response plus
  * rate limiting is the usual hardening, but that changes visible behaviour.
  */
 function email()
 {
     global $CONF, $DB, $FORM, $LNG, $TMPL;

     $username = $DB->escape($FORM['u']);

     // NOTE(review): the value in the WHERE clause is printed as '******' in
     // this listing; presumably the escaped $username belongs there --
     // confirm against the original file.
     list($email) = $DB->fetch("SELECT email FROM {$CONF['sql_prefix']}_sites WHERE username = '******'", __FILE__, __LINE__);

     // No address found: report the error and stop.
     if (!$email) {
         $this->error($LNG['g_invalid_u']);
         return;
     }

     require_once "{$CONF['path']}/sources/misc/session.php";

     // The session id is handed to the templates before the mail is built.
     $lostPwSession = new session();
     $TMPL['sid'] = $lostPwSession->create('lost_pw', $username, 0);

     $mailSkin = new skin('lost_pw_email');
     $mailSkin->send_email($email);

     $TMPL['content'] = $this->do_skin('lost_pw_finish');
 }
Example #2
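 /**
  * Admin login: show the login form, or verify the submitted password and
  * open an 'admin' session.
  *
  * The stored admin credential is compared with md5() of $FORM['password'].
  * The comparison is done with hash_equals() on strings only: a loose `==`
  * treats two digests of the form "0e<digits>" as equal numbers, and a
  * non-string password would make md5() fail.
  *
  * NOTE(review): the stored credential is an unsalted MD5 digest. Moving to
  * password_hash()/password_verify() needs a change to the stored value and
  * is outside what this method can do alone.
  */
 function login()
 {
     global $CONF, $DB, $FORM, $LNG, $TMPL;

     // Nothing submitted yet: render the form.
     if (!isset($FORM['password']) || !$FORM['password']) {
         $TMPL['content'] = $this->do_skin('admin_login');
         return;
     }

     list($admin_password) = $DB->fetch("SELECT admin_password FROM {$CONF['sql_prefix']}_etc", __FILE__, __LINE__);

     // Only a string can be a valid password; anything else is rejected
     // without being hashed.
     $submitted_digest = is_string($FORM['password']) ? md5($FORM['password']) : null;

     $password_ok = $submitted_digest !== null
         && is_string($admin_password)
         && hash_equals($admin_password, $submitted_digest);

     if ($password_ok) {
         require_once "{$CONF['path']}/sources/misc/session.php";
         $session = new session();
         $session->create('admin', 1);
         $this->main();
     } else {
         $this->error($LNG['g_invalid_p']);
     }
 }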
Example #3
/**
 * Process a submitted logon form.
 *
 * Two paths are handled:
 *  - guest logon ($_POST['guest_logon'] present): allowed only when
 *    user_guest_enabled() says so; a session for uid 0 is created.
 *  - user logon ($_POST['user_logon'] and $_POST['user_password'] present):
 *    credentials go to user_logon(); on success a session is created for the
 *    returned uid and the "remember me" cookies are set or cleared.
 *
 * NOTE(review): the 'user_token' cookie is kept for a year and, per the
 * original comments, allows automatic logon. Whether html_set_cookie() marks
 * cookies HttpOnly/Secure is not visible here -- confirm in that helper.
 *
 * @return bool True when a session was created, false otherwise.
 */
function logon_perform()
{
    $webtag = get_webtag();

    // Guest path.
    if (isset($_POST['guest_logon'])) {

        // Refuse when the Guest account is disabled.
        if (!user_guest_enabled()) {
            return false;
        }

        session::create(0);
        return true;
    }

    // User path: both fields must be present.
    if (!isset($_POST['user_logon']) || !isset($_POST['user_password'])) {
        return false;
    }

    $user_logon = $_POST['user_logon'];
    $user_password = $_POST['user_password'];

    // A falsy result from user_logon() means the credentials were rejected.
    $uid = user_logon($user_logon, $user_password);

    if (!$uid) {
        return false;
    }

    session::create($uid);

    $remember_requested = isset($_POST['user_remember']) && $_POST['user_remember'] == 'Y';

    if ($remember_requested) {

        // Store the logon name and a generated token for automatic logon.
        $user_token = user_generate_token($uid);

        html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
        html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);

    } else {

        // Expire both cookies.
        html_set_cookie('user_logon', '', time() - YEAR_IN_SECONDS);
        html_set_cookie('user_token', '', time() - YEAR_IN_SECONDS);
    }

    return true;
}
Example #4
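 /**
  * Render the login page and process a submitted login form.
  *
  * With an empty login name the submitted password is checked against
  * ADMIN_PASSWORD:
  *  - if ADMIN_PASSWORD is stored in clear text and matches, kbconfig.php is
  *    rewritten with a crypt() hash of it and an admin session is started;
  *  - otherwise crypt($password, ADMIN_PASSWORD) must equal ADMIN_PASSWORD.
  * Any other attempt is passed to user::login().
  *
  * Changes from the previous version:
  *  - The "$2a$" prefix was tested against a 3-character substring and could
  *    never match, so a stored "$2a$..." hash counted as clear text and the
  *    hash string itself was accepted as the password. Four characters are
  *    compared now.
  *  - Secrets are compared with hash_equals() instead of a loose `==`.
  *  - A missing or non-string password is treated as "nothing submitted"
  *    instead of being passed to trim()/crypt().
  *
  * @return string The rendered 'user_login' template.
  */
 function content()
 {
     global $smarty;

     $usrpass = (isset($_POST['usrpass']) && is_string($_POST['usrpass'])) ? $_POST['usrpass'] : '';
     $usrlogin = isset($_POST['usrlogin']) ? $_POST['usrlogin'] : null;

     // Same rule as before: a missing or empty login name selects the
     // admin-password path.
     $admin_attempt = $usrlogin === null || $usrlogin === '';

     $admin_password = (string) ADMIN_PASSWORD;
     $prefix = substr($admin_password, 0, 3);

     // Only these crypt() prefixes are recognised as "already hashed";
     // NOTE(review): other schemes (for example "$2y$") are still treated as
     // clear text -- confirm which formats kbconfig.php can contain.
     $stored_is_hash = $prefix === '$1$'
         || $prefix === '$2$'
         || substr($admin_password, 0, 4) === '$2a$';

     if (trim($usrpass)) {
         if ($admin_attempt && !$stored_is_hash && hash_equals($admin_password, $usrpass)) {
             // Clear-text admin password matched: replace it with a hash.
             @chmod("kbconfig.php", 0660);
             if (!is_writeable("kbconfig.php")) {
                 $smarty->assign('error', 'Admin password is unencrypted and ' . 'kbconfig.php is not writeable. Either encrypt the admin ' . 'password or set kbconfig.php writeable.');
             } else {
                 $kbconfig = file_get_contents('kbconfig.php');
                 // NOTE(review): crypt() is called without a salt. PHP 8
                 // requires the salt argument, and the prefix of the result
                 // must be one recognised above or the new hash would be
                 // treated as clear text on the next login.
                 // "$" and "\" are escaped because the hash is used as a
                 // preg_replace() replacement string.
                 $newpwd = preg_replace('/(\\$|\\\\)/', '\\\\$1', crypt(ADMIN_PASSWORD));
                 $kbconfig = preg_replace('/define\\s*\\(\\s*[\'"]ADMIN_PASSWORD[\'"]' . '[^)]*\\)/', "define('ADMIN_PASSWORD', '" . $newpwd . "')", $kbconfig);
                 file_put_contents("kbconfig.php", trim($kbconfig));
                 // Back to read-only once the hash is written.
                 chmod("kbconfig.php", 0440);
                 session::create(true);
                 session_write_close();
                 // NOTE(review): the value of session::makeKey() travels in
                 // the query string and can end up in logs and Referer
                 // headers -- confirm what that key grants.
                 header('Location: ' . htmlspecialchars_decode(edkURI::page('admin') . '&akey=' . session::makeKey()));
                 //session created but not in current page
                 die;
             }
         } else {
             if ($admin_attempt && hash_equals($admin_password, (string) crypt($usrpass, $admin_password))) {
                 session::create(true);
                 // NOTE(review): $page is computed but the redirect below
                 // always targets 'admin'.
                 $page = preg_replace('/[^a-zA-Z0-9-_]/', '', edkURI::getArg("page", 1));
                 $page = $page ? $page : "admin";
                 header('Location: ' . htmlspecialchars_decode(edkURI::page('admin') . '&akey=' . session::makeKey()));
                 //session created but not in current page
                 session_write_close();
                 die;
             } else {
                 $result = user::login($usrlogin, $usrpass);
                 if ($result) {
                     header('Location: ' . html_entity_decode(edkURI::page('home')));
                     die;
                 } else {
                     $smarty->assign('error', 'Login error, please check your username and password.');
                 }
             }
         }
     }
     return $smarty->fetch(get_tpl('user_login'));
 }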
Example #5
 /**
  * User control panel login: show the form, or check the submitted username
  * and password and open a 'user_cp' session for an active account.
  *
  * NOTE(review): the query text below is damaged in this listing (the
  * values after "username =" and "password =" are printed as '******'), so
  * the statement shown is not the one the author wrote. Presumably the
  * escaped username and the MD5 digest are interpolated there -- confirm
  * against the original file before relying on this code.
  *
  * NOTE(review): passwords are matched as unsalted MD5 digests; migrating to
  * password_hash()/password_verify() needs a change to the stored values.
  */
 function login()
 {
     global $CONF, $DB, $FORM, $LNG, $TMPL;
     // Missing or empty username/password: render the login form.
     if (!isset($FORM['u']) || !isset($FORM['password']) || !$FORM['u'] || !$FORM['password']) {
         $TMPL['content'] = $this->do_skin('user_cp_login');
     } else {
         // The escaped username is also exposed to the templates.
         $TMPL['username'] = $DB->escape($FORM['u']);
         // Digest of the submitted password; not referenced by the query text as printed here.
         $password = md5($FORM['password']);
         list($username, $active) = $DB->fetch("SELECT username, active FROM {$CONF['sql_prefix']}_sites WHERE username = '******'username']}' AND password = '******'", __FILE__, __LINE__);
         // A row counts as a match when the returned username equals the escaped input (loose ==).
         if ($TMPL['username'] == $username) {
             if ($active) {
                 require_once "{$CONF['path']}/sources/misc/session.php";
                 $session = new session();
                 $session->create('user_cp', $TMPL['username']);
                 $this->main();
             } else {
                 // Credentials matched but the account is flagged inactive.
                 $this->error($LNG['user_cp_inactive']);
             }
         } else {
             // One message for both a wrong username and a wrong password.
             $this->error($LNG['g_invalid_u_or_p']);
         }
     }
 }
Example #6
    $y = intval(rand((int) ($size * 1.5), (int) ($ly - $size / 7)));
    list($r, $g, $b) = random_color(0, 127);
    $color = imagecolorallocate($image, $r, $g, $b);
    list($r, $g, $b) = random_color(0, 127);
    $shadow = imagecolorallocate($image, $r + 127, $g + 127, $b + 127);
    $TTF_file = change_TTF();
    imagettftext($image, $size, $angle, $x + (int) ($size / 15), $y, $shadow, $TTF_file, $text);
    imagettftext($image, $size, $angle, $x, $y - (int) ($size / 15), $color, $TTF_file, $text);
    $x += (int) ($size + $minsize / 5);
}
// Tie the captcha to the requesting client's address.
// $DB->escape() is a project helper; the meaning of its second argument is not visible here.
$ip = $DB->escape($_SERVER['REMOTE_ADDR'], 1);
// Remove existing session rows whose data starts with "<ip>|" before a new one is created below.
$DB->query("DELETE FROM {$CONF['sql_prefix']}_sessions WHERE data LIKE '{$ip}|%'", __FILE__, __LINE__);
// Stored value is "<ip>|<sha1>", where the SHA-1 covers two fixed strings, $string and the address.
// NOTE(review): $string is set above this excerpt -- presumably the text drawn into the image; confirm.
// NOTE(review): the two fixed strings are embedded in the source, so anyone who can read this file
// can recompute the digest for a candidate $string; keep such values in configuration rather than code.
$data = "{$ip}|" . sha1(')F*RJ@FHR^%X' . $string . '(*Ht3h7f9&^F' . $ip);
require_once "{$CONF['path']}/sources/misc/session.php";
$session = new session();
// Record the expected answer as a 'captcha' session.
$session->create('captcha', $data);
// The image must not be cached, otherwise a stale picture would not match the stored session.
header('Pragma: no-cache');
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
header('Content-type: image/jpeg');
// Send the JPEG to the client, then release the image resource.
imagejpeg($image);
imagedestroy($image);
// Select a new random font
/**
 * Pick one font file at random.
 *
 * Reads the globals $TTF_RANGE (list of font file names) and $TTF_folder
 * (prefix prepended to the chosen name).
 *
 * @return string $TTF_folder followed by a randomly chosen entry of $TTF_RANGE.
 */
function change_TTF()
{
    global $TTF_RANGE, $TTF_folder;

    return $TTF_folder . $TTF_RANGE[array_rand($TTF_RANGE)];
}
// Select a random color within a range
function random_color($min, $max)
Example #7
File: in.php Project: Kheros/MMOver
 /**
  * Show the gateway page for a username and stop the request.
  *
  * Creates a 'gateway' session for $username, exposes the session id and the
  * username to the templates, prints the 'gateway' skin and exits.
  *
  * NOTE(review): $username is handed to the template as-is; whether
  * do_skin() escapes it for HTML is not visible here -- confirm.
  *
  * @param mixed $username Username the gateway session is created for.
  */
 function gateway($username)
 {
     global $CONF, $FORM, $TMPL;

     require_once "{$CONF['path']}/sources/misc/session.php";

     $gatewaySession = new session();
     $sid = $gatewaySession->create('gateway', $username);

     $TMPL['sid'] = $sid;
     $TMPL['username'] = $username;

     // Output the page and end the script; nothing after this call runs.
     echo $this->do_skin('gateway');
     exit;
 }
Example #8
    $url .= '?' . $_SERVER['QUERY_STRING'];
}
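// Make sure there are no caching issues.
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: Mon, 26 Jul 1997 05:00:00 GMT");
// Template engine for the update pages; compiled templates and cache live under KB_CACHEDIR.
$smarty = new Smarty();
$smarty->compile_dir = getcwd() . "/" . KB_CACHEDIR . '/templates_c';
$smarty->cache_dir = getcwd() . "/" . KB_CACHEDIR . '/data';
$smarty->template_dir = getcwd() . '/update/';
// NOTE(review): $url is built above this excerpt and includes the raw query string;
// confirm the templates escape it when printing.
$smarty->assign('url', $url);
// Gate the updater behind the admin password unless an admin session already exists.
if (!session::isAdmin()) {
    // The submitted password is accepted when
    //   (a) crypt($password, ADMIN_PASSWORD) reproduces ADMIN_PASSWORD, or
    //   (b) ADMIN_PASSWORD is stored in clear text and equals the password.
    // Previously (b) was tried unconditionally, so when ADMIN_PASSWORD held a
    // crypt() hash, submitting the hash string itself was accepted. (b) is now
    // skipped for values carrying a "$1$", "$2$" or "$2a$" prefix.
    // NOTE(review): other crypt() prefixes are still treated as clear text --
    // confirm which formats the configuration can contain.
    // Comparisons use hash_equals() on strings instead of a loose ==.
    if (isset($_POST['usrpass']) && is_string($_POST['usrpass'])
        && (hash_equals((string) ADMIN_PASSWORD, (string) crypt($_POST['usrpass'], ADMIN_PASSWORD))
            || (!preg_match('/^\$(1|2|2a)\$/', (string) ADMIN_PASSWORD)
                && hash_equals((string) ADMIN_PASSWORD, $_POST['usrpass'])))) {
        session::create(true);
        $_SESSION['admin_key'] = session::makeKey();
        // Return to the requested URL with the key appended.
        // NOTE(review): the key travels in the query string and can end up in
        // logs and Referer headers -- confirm what it grants.
        if (strpos($url, '?') === false) {
            header('Location: ' . $url . '?akey=' . session::makeKey());
        } else {
            header('Location: ' . $url . '&akey=' . session::makeKey());
        }
        die;
    } else {
        // Not authenticated: show the updater's login form and stop.
        $smarty->assign('content', $smarty->fetch('update_login.tpl'));
        $smarty->display('update.tpl');
        die;
    }
}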
if (phpversion() < "5.1.2") {
    $smarty->assign('content', "PHP version 5.1.2 or higher is required. You have version " . phpversion());