function doCheckLogin()
{
global $config;
if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
return;
}
$username = trim(stripslashes(@$_POST[LOGIN_FORM_USERNAME]));
$password = stripslashes(@$_POST[LOGIN_FORM_PASSWORD]);
session_init();
if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
echo '<p style="color: red;">PHP Session seems to have failed!</p>';
CSRF::ValidateToken();
exit;
}
CSRF::ValidateToken();
$password = md5($password);
$config['user']->doLogin($username, $password);
if ($config['user']->isOk() && getVar('error') == '') {
// success
$lastpage = getLastPage();
if (strpos($lastpage, 'login') !== FALSE) {
$lastpage = './';
}
ForwardTo($lastpage);
exit;
}
unset($username, $password);
}
function doChangePassword()
{
global $config;
if (!isset($_POST[CHANGEPASS_FORM_PASSWORD]) || !isset($_POST[CHANGEPASS_FORM_CONFIRM])) {
return NULL;
}
$password = trim(stripslashes(@$_POST[CHANGEPASS_FORM_PASSWORD]));
$confirm = trim(stripslashes(@$_POST[CHANGEPASS_FORM_CONFIRM]));
unset($_POST[CHANGEPASS_FORM_PASSWORD]);
unset($_POST[CHANGEPASS_FORM_CONFIRM]);
session_init();
if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
echo '<p style="color: red;">PHP Session seems to have failed!</p>';
CSRF::ValidateToken();
exit;
}
CSRF::ValidateToken();
// check passwords match
if ($password !== $confirm) {
$_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
return FALSE;
}
// check password length
if (strlen($password) < 6) {
$_SESSION['error'][] = 'Password is to short, must be at least 6 characters long.';
return FALSE;
}
// update password in database
$result = $config['user']->ChangePassword(md5($password));
// successful change
if ($result !== FALSE) {
// password has been changed
$_SESSION['Temp Pass'] = FALSE;
$lastpage = getLastPage();
if (strpos($lastpage, 'login') !== FALSE || strpos($lastpage, 'changepass') !== FALSE) {
$lastpage = './';
}
ForwardTo($lastpage);
exit;
}
return FALSE;
}
function doCheckLogin()
{
global $config;
if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
return NULL;
}
$username = trim(stripslashes(@$_POST[LOGIN_FORM_USERNAME]));
$password = trim(stripslashes(@$_POST[LOGIN_FORM_PASSWORD]));
unset($_POST[LOGIN_FORM_PASSWORD]);
session_init();
if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
echo '<p style="color: red;">PHP Session seems to have failed!</p>';
CSRF::ValidateToken();
exit;
}
CSRF::ValidateToken();
// check hashed password
$result = $config['user']->doLogin($username, md5($password));
// try temporary password
if ($result !== TRUE && strlen($password) < 32) {
// unset($_GET['error']);
$result = $config['user']->doLogin($username, $password);
if ($result === TRUE && $config['user']->isOk() && getVar('error') == '') {
$_SESSION['Temp Pass'] = TRUE;
unset($_SESSION['error']);
}
}
// successful login
if ($result !== FALSE && $config['user']->isOk() && getVar('error') == '') {
$lastpage = getLastPage();
if (strpos($lastpage, 'login') !== FALSE) {
$lastpage = './';
}
ForwardTo($lastpage);
exit;
}
unset($username, $password);
return TRUE;
}
if ($config['user']->isLocked()) {
echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
ForwardTo(getLastPage(), 4);
exit;
}
// buy auction
if (AuctionFuncs::BuyAuction(getVar('auctionid', 'int', 'post'), getVar('qty', 'int', 'post'))) {
echo '<center><h2>Auction purchased successfully!</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
ForwardTo(getLastPage(), 2);
exit;
}
echo $config['error'];
exit;
}
if ($config['action'] == 'cancel') {
CSRF::ValidateToken();
// inventory is locked
if ($config['user']->isLocked()) {
echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
ForwardTo(getLastPage(), 4);
exit;
}
// cancel auction
if (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
echo '<center><h2>Auction canceled!</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
ForwardTo(getLastPage(), 2);
exit;
}
echo $config['error'];
exit;
}
