public function login($login = '', $password = '')
{
    // user data initialization
    if (isset($_POST['login']) && isset($_POST['password'])) {
        $login = trim($_POST['login']);
        $password = trim($_POST['password']);
    }
    // /user data initialization
    // $login=trim($login); $password=trim($password);
    if ($login != '' && $password != '') {
        // Format validation of both fields before touching the database
        if ($this->check_login($login) && $this->check_password($password)) {
            $DB = \DB::init();
            if ($DB->connect()) {
                // First query: look up the account by login (case-insensitive) to get its salt
                $sth = $DB->dbh->prepare("SELECT * FROM `n-users` WHERE LOWER(`usr-login`) = LOWER(?) LIMIT 1;");
                // \CORE::msg('debug','User login check');
                $sth->bindParam(1, $login, \PDO::PARAM_STR);
                $sth->execute();
                $DB->query_count();
                if ($sth->rowCount() == 1) {
                    $r = $sth->fetch();
                    $salt = $r['usr-salt'];
                    // Legacy scheme: salted double MD5. MD5 is fast to brute-force offline;
                    // stored hashes have to be migrated before password_hash()/password_verify() can replace it.
                    $hashpass = md5(md5($password) . $salt);
                    // Second query: the hash comparison is done by the database
                    $sth = $DB->dbh->prepare("SELECT * FROM `n-users` WHERE LOWER(`usr-login`)=LOWER(:login) AND `usr-pwd`=:hashpass LIMIT 1;");
                    $sth->execute(array(':login' => $login, ':hashpass' => $hashpass));
                    $DB->query_count();
                    \CORE::msg('debug', 'User login and password check');
                    if ($sth->rowCount() == 1) {
                        // Account status is only revealed after the password has matched
                        if ($r['usr-status'] > 0) {
                            $r = $sth->fetch();
                            // check profile data here, if needed
                            \SESSION::start();
                            // here may be some additional records, like when logged in, which ip, etc
                            $uid = (int) $r['usr-uid'];
                            $gid = (int) $r['usr-gid'];
                            \SESSION::set('uid', $uid);
                            \SESSION::set('gid', $gid);
                            \SESSION::set('user', $login);
                            \COOKIE::set('lastuser', $login); // optional
                            if (isset($r['usr-pid'])) {
                                if ($r['usr-pid'] != '') {
                                    $pid = (int) $r['usr-pid'];
                                    \SESSION::set('pid', $pid);
                                }
                            }
                            // setcookie(PREFX.'st',1,time()+3600); // 1 hour
                            if (isset($_POST['cookie'])) {
                                //// $time=86400; // 24 hours
                                //// setcookie(PREFIX."ul", base64_encode($login), time()+$time, "/");
                            }
                            $sth = $DB->dbh->prepare("UPDATE `n-users` SET `usr-lastlogin`=CURRENT_TIMESTAMP() WHERE `usr-uid`=?;");
                            $sth->execute(array($uid));
                            $DB->query_count();
                            // \CORE::msg('debug','User is logged in');
                            header('Location: ./');
                            exit;
                        } else {
                            \CORE::msg('error', 'Account is currently locked');
                        }
                    } else {
                        // Same message as for an unknown login, so the response does not confirm which logins exist
                        \CORE::msg('error', 'Incorrect username or password');
                    }
                } else {
                    \CORE::msg('error', 'Incorrect username or password');
                }
            }
        } else {
            \CORE::msg('error', 'Username or password is not valid');
        }
    } else {
        \CORE::msg('error', 'Empty username or password');
    }
}
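public static function check_lang()
{
    global $conf;
    if (isset($conf['lang'])) {
        // Start from the configured default language
        $lang = $conf['lang'];
        $langs = CORE::init()->langs;
        // A previously stored cookie overrides the default
        $ln = COOKIE::get('lang');
        if ($ln != '') {
            $lang = $ln;
        }
        // A ?lang= request parameter is accepted only if it is a key of the known languages list
        if (isset($_GET['lang'])) {
            $ln = trim($_GET['lang']);
            if (isset($langs[$ln])) {
                COOKIE::set('lang', $ln);
                $lang = $ln;
            }
        }
        // Final allow-list check; this also covers a client-supplied cookie value
        if (isset($langs[$lang])) {
            CORE::init()->lang = $lang;
        }
        CORE::msg('debug', 'language: ' . CORE::init()->lang);
    }
}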