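/**
 * Apply the "secpass" policy hooks to a local (realm 0) login attempt.
 *
 * Reads the submitted 'login_username' / 'login_password' POST variables and,
 * depending on which secpass_* options are enabled:
 *   1. tracks failed attempts, locking the account after secpass_lockfailed
 *      misses and auto-unlocking it after secpass_unlocktime minutes;
 *   2. flags the account for a forced password change when the current
 *      password no longer satisfies secpass_check_pass();
 *   3. records the last login time for account-expiry tracking.
 *
 * Return value: false only when lockout tracking is enabled and the submitted
 * password did not match; true in every other case, including when the user
 * is unknown or no policy is enabled. It is therefore NOT an authentication
 * result on its own. NOTE(review): presumably the caller performs the real
 * credential check; confirm before relying on the return value.
 *
 * Side effects: may UPDATE user_auth, and terminates the request via
 * auth_display_custom_error_message() + exit when the account is locked.
 *
 * Stored hashes compared here are unsalted MD5 of the password; replacing them
 * with password_hash()/password_verify() is a schema-level change that cannot
 * be made inside this function alone.
 *
 * @return bool
 */
function secpass_login_process()
{
    $users    = db_fetch_assoc('SELECT username FROM user_auth WHERE realm = 0');
    $username = sanitize_search_string(get_request_var_post('login_username'));
    // Read the password once; every branch below compares against the same value.
    $p        = get_request_var_post('login_password');

    // Strict comparison so numeric-looking names ('1e3' vs '1000') cannot alias
    // each other under PHP's loose string comparison.
    $known = false;
    foreach ($users as $fa) {
        if ($fa['username'] === $username) {
            $known = true;
            break;
        }
    }
    if (!$known) {
        // Unknown local user: nothing to track; leave the decision to the caller.
        return true;
    }

    // Mark failed login attempts
    $max = intval(read_config_option('secpass_lockfailed'));
    if ($max > 0) {
        $user = db_fetch_assoc_prepared("SELECT * FROM user_auth WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
        if (isset($user[0]['username'])) {
            $user = $user[0];
            // Auto-unlock window in minutes, capped at one day.
            $unlock = min(intval(read_config_option('secpass_unlocktime')), 1440);
            if ($unlock > 0 && time() - $user['lastfail'] > 60 * $unlock) {
                db_execute_prepared("UPDATE user_auth SET lastfail = 0, failed_attempts = 0, locked = '' WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
                $user['failed_attempts'] = $user['lastfail'] = 0;
                // Was a no-op comparison ('==') in the original, which left the
                // stale 'on' value in memory and reported the account as locked
                // below even though the row had just been unlocked.
                $user['locked'] = '';
            }
            // hash_equals() avoids the loose-comparison pitfall where two hex
            // digests of the form '0e<digits>' compare equal under '!='.
            if (!hash_equals((string) $user['password'], md5($p))) {
                $failed = $user['failed_attempts'] + 1;
                if ($failed >= $max) {
                    db_execute_prepared("UPDATE user_auth SET locked = 'on' WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
                    $user['locked'] = 'on';
                }
                $user['lastfail'] = time();
                db_execute_prepared("UPDATE user_auth SET lastfail = ?, failed_attempts = ? WHERE username = ? AND realm = 0 AND enabled = 'on'", array($user['lastfail'], $failed, $username));
                if ((string) $user['locked'] !== '') {
                    auth_display_custom_error_message('This account has been locked.');
                    exit;
                }
                return false;
            }
            // Correct password but the account is (still) locked: refuse.
            if ((string) $user['locked'] !== '') {
                auth_display_custom_error_message('This account has been locked.');
                exit;
            }
        }
    }

    // Check if old password doesn't meet specifications and must be changed
    if (read_config_option('secpass_forceold') === 'on') {
        $error = secpass_check_pass($p);
        if ((string) $error !== '') {
            // The password predicate in the WHERE clause ensures only a matching
            // credential flags the row; a wrong password changes nothing.
            db_execute_prepared("UPDATE user_auth SET must_change_password = '******' WHERE username = ? AND password = ? AND realm = 0 AND enabled = 'on'", array($username, md5($p)));
            return true;
        }
    }

    // Set the last Login time
    if (read_config_option('secpass_expireaccount') > 0) {
        db_execute_prepared("UPDATE user_auth SET lastlogin = ? WHERE username = ? AND password = ? AND realm = 0 AND enabled = 'on'", array(time(), $username, md5($p)));
    }
    return true;
}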
/* Default the request action to an empty string when none was supplied,
 * so the switch below always has a string to dispatch on. */
$_REQUEST['action'] = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
switch ($_REQUEST['action']) {
    case 'changepassword':
        if ($user['password'] != md5($_POST['current_password'])) {
            $bad_password = true;
            $errorMessage = "<span color='#FF0000'><strong>Your current password is not correct.  Please try again.</strong></span>";
        }
        if ($user['password'] == md5($_POST['password'])) {
            $bad_password = true;
            $errorMessage = "<span color='#FF0000'><strong>Your new password can not be the same as the old password.  Please try again.</strong></span>";
        }
        // Secpass checking
        $error = secpass_check_pass($_POST['password']);
        if ($error != '') {
            $bad_password = true;
            $errorMessage = "<span color='#FF0000'><strong>{$error}</strong></span>";
        }
        if (!secpass_check_history($_SESSION['sess_user_id'], $_POST['password'])) {
            $bad_password = true;
            $errorMessage = "<span color='#FF0000'><strong>You can not use a previously entered password!</strong></span>";
        }
        if ($bad_password == false && $_POST['password'] == $_POST['confirm'] && $_POST['password'] != '') {
            // Password change is good to go
            if (read_config_option('secpass_expirepass') > 0) {
                db_execute("UPDATE user_auth SET lastchange = " . time() . " WHERE id = " . intval($_SESSION['sess_user_id']) . " AND realm = 0 AND enabled = 'on'");
            }
            $history = intval(read_config_option('secpass_history'));
            if ($history > 0) {