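/**
 * Authenticates the credentials posted in $_POST['username'] / $_POST['password'].
 *
 * On success a session is started (cookie scoped to .wsbf.net for one day) and
 * filled with the username, preferred name, statusID and the user's currently
 * active staff positionIDs; the return value is array(true, first_name).
 * On any validation or lookup failure the return value is array(false, message).
 * A failed database query terminates the script with a generic message; the
 * driver error text goes to the error log instead of the HTTP response.
 *
 * @return array array(bool $ok, string $first_name_or_error_message)
 */
function Login()
{
    // NOTE(review): the password is escaped the same way as the username; this must
    // match what was done when the stored hash was created, or passwords containing
    // quotes or backslashes will never verify.
    $username = mysql_escape_string($_POST['username']);
    $password = mysql_escape_string($_POST['password']);

    if (empty($username)) {
        return array(false, "Username is empty!");
    }
    if (empty($password)) {
        return array(false, "Password is empty!");
    }

    $query = sprintf("SELECT password, first_name, preferred_name, statusID FROM users WHERE username = '%s'", $username);
    $get_hash = mysql_query($query);
    if (!$get_hash) {
        // Log the driver message; do not echo it to the client.
        error_log('Login: user lookup failed: ' . mysql_error());
        die('This is an error message: database query failed.');
    }

    $row = mysql_fetch_array($get_hash, MYSQL_NUM);
    if (!$row) {
        return array(false, "User not found!");
    }
    // Column order follows the SELECT list above.
    list($hash, $name, $pref, $statusID) = $row;

    if (!ValidatePassword($password, $hash)) {
        return array(false, "Password not correct!");
    }

    /* Ensure that we don't already have a session */
    // httponly keeps the session cookie out of reach of page scripts.
    session_set_cookie_params(86400, '/', '.wsbf.net', false, true);
    if (!session_id()) {
        session_start();
    }
    // Issue a fresh id now that the user is authenticated (session fixation defence).
    session_regenerate_id(true);

    $query = sprintf("SELECT positionID FROM staff WHERE username = '%s' AND start_date < NOW() AND end_date > NOW()", $username);
    $get_position = mysql_query($query);
    if (!$get_position) {
        error_log('Login: staff position lookup failed: ' . mysql_error());
        die('This is an error message: database query failed.');
    }
    if (mysql_num_rows($get_position) > 0) {
        $positionID = array();
        while ($row = mysql_fetch_array($get_position, MYSQL_NUM)) {
            // Each row has exactly one column; reading $row[$num] (the previous code)
            // only captured the first position correctly.
            $positionID[] = $row[0];
        }
        $_SESSION['positionID'] = $positionID;
    }
    $_SESSION['username'] = $username;
    $_SESSION['preferred_name'] = $pref;
    $_SESSION['statusID'] = $statusID;
    return array(true, $name);
}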
/**
 * User control panel: "change password" page.
 *
 * If the request carries a 'submit' field, the current password and the two
 * copies of the new one are handed to ValidatePassword(); its result is left in
 * $aError for the template.  The skin's password template is then included and
 * the script exits.
 *
 * NOTE(review): $_REQUEST['presentpw'], ['newpwa'] and ['newpwb'] are read without
 * isset() guards, and $aError is undefined on a plain GET — confirm the template
 * tolerates both.  $_REQUEST also accepts the values via GET and cookies, not
 * only via the posted form.
 */
function EditPassword()
{
    global $CFG;
    // Are they submitting information?
    if (isset($_REQUEST['submit'])) {
        // Yup, so try and validate it; submit it to the database if everything's okay.
        // Three-argument form: (current password, new password, confirmation of new password).
        $aError = ValidatePassword($_REQUEST['presentpw'], $_REQUEST['newpwa'], $_REQUEST['newpwb']);
    }
    // Template — the path is built from $CFG['skin'] (presumably site configuration,
    // not request data; verify where $CFG is populated).
    require "./skins/{$CFG['skin']}/usercp/password.tpl.php";
    // Send the page.
    exit;
}
echo $PHP_SELF;
?>
">
		<tr><td align="center">
			<table>
			<?php 
if (isset($submit)) {
    if ($submit == "OK") {
        if (!empty($senhaantiga) and !empty($novasenha) and !empty($novasenha2)) {
            // Pega senha atual
            $results = ldap_search($conexao, "ou=System," . $dn, "cn=" . $usuario);
            $numresults = ldap_count_entries($conexao, $results);
            $info = ldap_get_entries($conexao, $results);
            $senhaantigaldap = $info[0]["userpassword"][0];
            // Verificando senha antiga
            if (!ValidatePassword($senhaantiga, $senhaantigaldap)) {
                echo "<tr><td><font color=\"red\"><b>Senha atual não é válida!</b></font></td></tr>";
                echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
            } else {
                if ($novasenha != $novasenha2) {
                    echo "<tr><td><font color=\"red\"><b>As novas senhas não são iguais!</b></font></td></tr>";
                    echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
                } else {
                    // Alterar senha
                    $entry["userpassword"][0] = HashPassword($novasenha);
                    $uptdn = "cn=" . $usuario . ",ou=System," . $dn;
                    if (ldap_modify($conexao, $uptdn, $entry)) {
                        echo "<tr><td align=\"center\"><b>Senha atualizada com sucesso!<br>Por favor, efetue o <i>logout</i> e <i>login</i> no sistema novamente!</b></td></tr>";
                        echo "<tr><td align=\"center\"><a href=\"logout.php\">Logout!</a></td></tr>";
                    } else {
                        echo "<tr><td align=\"center\"><font color=\"red\"><b>A senha não foi atualizada!<br>(" . ldap_error($conexao) . ")</b></font></td></tr>";
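/**
 * Login / signup / activation / password-reset controller.
 *
 * Dispatches on the 'mode' request variable:
 *   'in'  - verify username + password, create a session and redirect;
 *   'out' - kill the member session and redirect;
 *   'up'  - with ?code=: activate the account the confirmation code belongs to;
 *           with a submitted form: validate the signup fields, insert the member,
 *           store a confirmation code and mail the activation link;
 *   'r'   - with ?code=: let the code's owner choose a new password;
 *           with a submitted address: store a reset code and mail the link.
 * Afterwards the LOGIN2 layout is rendered with the signup form values and any
 * validation errors collected in $error.
 *
 * @param string $box_text   Optional language key / text shown in the box.
 * @param bool   $need_admin Not referenced in this function (kept for callers).
 * @param mixed  $extra_vars Not referenced in this function (kept for callers).
 */
function do_login($box_text = '', $need_admin = false, $extra_vars = false) {
	global $config, $user;

	$error = w();
	$action = request_var('mode', '');

	if (empty($user->data)) {
		$user->init(false);
	}
	if (empty($user->lang)) {
		$user->setup();
	}

	if ($user->is('bot')) {
		redirect(s_link());
	}

	$code_invite = request_var('invite', '');
	$admin       = _button('admin');
	$login       = _button('login');
	$submit      = _button();
	$need_auth   = false;

	// The admin button re-authenticates an already logged-in member.
	if ($admin) {
		$need_auth = true;
	}

	// Defaults for every signup field; request values are merged in on submit.
	$v_fields = array(
		'username' => '',
		'email' => '',
		'email_confirm' => '',
		'key' => '',
		'key_confirm' => '',
		'gender' => 0,
		'birthday_month' => 0,
		'birthday_day' => 0,
		'birthday_year' => 0,
		'tos' => 0,
		'ref' => 0
	);

	// An invite code pre-fills the referrer and the invited e-mail address.
	if (!empty($code_invite)) {
		$sql = 'SELECT i.invite_email, m.user_email
			FROM _members_ref_invite i, _members m
			WHERE i.invite_code = ?
				AND i.invite_uid = m.user_id';
		if (!$invite_row = sql_fieldrow(sql_filter($sql, $code_invite))) {
			fatal_error();
		}

		$v_fields['ref'] = $invite_row['user_email'];
		$v_fields['email'] = $invite_row['invite_email'];
		unset($invite_row);
	}

	switch ($action) {
		case 'in':
			if ($user->is('member') && !$admin) {
				redirect(s_link());
			}

			if ($login && (!$user->is('member') || $admin)) {
				$username = request_var('username', '');
				$password = request_var('password', '');
				$ref = request_var('ref', '');

				if (!empty($username) && !empty($password)) {
					$username_base = get_username_base($username);

					$sql = 'SELECT user_id, username, user_password, user_type, user_country, user_avatar, user_location, user_gender, user_birthday
						FROM _members
						WHERE username_base = ?';
					if ($row = sql_fieldrow(sql_filter($sql, $username_base))) {
						$exclude_type = array(USER_INACTIVE);

						if (ValidatePassword($password, $row['user_password']) && (!in_array($row['user_type'], $exclude_type))) {
							$user->session_create($row['user_id'], $admin);

							// Incomplete profiles are sent to the profile page; otherwise
							// honour 'ref' unless it is just the site root.
							if (!$row['user_country'] || !$row['user_location'] || !$row['user_gender'] || !$row['user_birthday'] || !$row['user_avatar']) {
								$ref = s_link('my', 'profile');
							} else {
								$ref = (empty($ref) || (preg_match('#' . preg_quote($config['server_name']) . '/$#', $ref))) ? s_link('today') : $ref;
							}

							redirect($ref);
						}
					}
				}
			}
			break;
		case 'out':
			if ($user->is('member')) {
				$user->session_kill();
			}

			redirect(s_link());
			break;
		case 'up':
			if ($user->is('member')) {
				redirect(s_link('my profile'));
			} else if ($user->is('bot')) {
				redirect(s_link());
			}

			$code = request_var('code', '');

			// Account activation via the mailed confirmation code.
			if (!empty($code)) {
				// Codes are hex digests (see the md5() below); the pattern is anchored so
				// that a code containing other characters is rejected outright.
				if (!preg_match('#^[a-z0-9]+$#i', $code)) {
					fatal_error();
				}

				$sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email
					FROM _crypt_confirm c, _members m
					WHERE c.crypt_code = ?
						AND c.crypt_userid = m.user_id';
				if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
					fatal_error();
				}

				$user_id = $crypt_data['user_id'];

				$sql = 'UPDATE _members SET user_type = ?
					WHERE user_id = ?';
				sql_query(sql_filter($sql, USER_NORMAL, $user_id));

				// The code is single-use.
				$sql = 'DELETE FROM _crypt_confirm
					WHERE crypt_code = ?
						AND crypt_userid = ?';
				sql_query(sql_filter($sql, $code, $user_id));

				$emailer = new emailer();

				$emailer->from('info');
				$emailer->use_template('user_welcome_confirm');
				$emailer->email_address($crypt_data['user_email']);

				$emailer->assign_vars(array(
					'USERNAME' => $crypt_data['username'])
				);
				$emailer->send();
				$emailer->reset();

				$user->session_create($user_id, 0);

				if (empty($user->data)) {
					$user->init();
				}
				if (empty($user->lang)) {
					$user->setup();
				}

				$custom_vars = array(
					'S_REDIRECT' => '',
					'MESSAGE_TITLE' => lang('information'),
					'MESSAGE_TEXT' => lang('membership_added_confirm')
				);
				page_layout('INFORMATION', 'message', $custom_vars);
			}

			// Signup form submission.
			if ($submit) {
				foreach ($v_fields as $k => $v) {
					$v_fields[$k] = request_var($k, $v);
				}

				if (empty($v_fields['username'])) {
					$error['username'] = 'EMPTY_USERNAME';
				} else {
					$len_username = strlen($v_fields['username']);

					if (($len_username < 2) || ($len_username > 20) || !get_username_base($v_fields['username'], true)) {
						$error['username'] = 'USERNAME_INVALID';
					}

					if (!sizeof($error)) {
						$result = validate_username($v_fields['username']);
						if ($result['error']) {
							$error['username'] = $result['error_msg'];
						}
					}

					if (!sizeof($error)) {
						$v_fields['username_base'] = get_username_base($v_fields['username']);

						$sql = 'SELECT user_id
							FROM _members
							WHERE username_base = ?';
						if (sql_field(sql_filter($sql, $v_fields['username_base']), 'user_id', 0)) {
							$error['username'] = 'USERNAME_TAKEN';
						}
					}

					// The base name must not collide with an artist subdomain either.
					if (!sizeof($error)) {
						$sql = 'SELECT ub
							FROM _artists
							WHERE subdomain = ?';
						if (sql_field(sql_filter($sql, $v_fields['username_base']), 'ub', 0)) {
							$error['username'] = 'USERNAME_TAKEN';
						}
					}
				}

				if (empty($v_fields['email']) || empty($v_fields['email_confirm'])) {
					if (empty($v_fields['email'])) {
						$error['email'] = 'EMPTY_EMAIL';
					}

					if (empty($v_fields['email_confirm'])) {
						$error['email_confirm'] = 'EMPTY_EMAIL_CONFIRM';
					}
				} else {
					if ($v_fields['email'] == $v_fields['email_confirm']) {
						$result = validate_email($v_fields['email']);
						if ($result['error']) {
							$error['email'] = $result['error_msg'];
						}
					} else {
						$error['email'] = 'EMAIL_MISMATCH';
						$error['email_confirm'] = 'EMAIL_MISMATCH';
					}
				}

				if (!empty($v_fields['key']) && !empty($v_fields['key_confirm'])) {
					if ($v_fields['key'] != $v_fields['key_confirm']) {
						$error['key'] = 'PASSWORD_MISMATCH';
					} else if (strlen($v_fields['key']) > 32) {
						$error['key'] = 'PASSWORD_LONG';
					}
				} else {
					if (empty($v_fields['key'])) {
						$error['key'] = 'EMPTY_PASSWORD';
					} elseif (empty($v_fields['key_confirm'])) {
						$error['key_confirm'] = 'EMPTY_PASSWORD_CONFIRM';
					}
				}

				if (!$v_fields['birthday_month'] || !$v_fields['birthday_day'] || !$v_fields['birthday_year']) {
					$error['birthday'] = 'EMPTY_BIRTH_MONTH';
				}

				if (!$v_fields['tos']) {
					$error['tos'] = 'AGREETOS_ERROR';
				}

				if (!sizeof($error)) {
					// Country is hard-coded: the geoip lookup by $user->ip is disabled.
					$v_fields['country'] = 90;
					$v_fields['birthday'] = leading_zero($v_fields['birthday_year']) . leading_zero($v_fields['birthday_month']) . leading_zero($v_fields['birthday_day']);

					$member_data = array(
						'user_type' => USER_INACTIVE,
						'user_active' => 1,
						'username' => $v_fields['username'],
						'username_base' => $v_fields['username_base'],
						'user_password' => HashPassword($v_fields['key']),
						'user_regip' => $user->ip,
						'user_session_time' => 0,
						'user_lastpage' => '',
						'user_lastvisit' => time(),
						'user_regdate' => time(),
						'user_level' => 0,
						'user_posts' => 0,
						'userpage_posts' => 0,
						'user_points' => 0,
						'user_timezone' => $config['board_timezone'],
						'user_dst' => $config['board_dst'],
						'user_lang' => $config['default_lang'],
						'user_dateformat' => $config['default_dateformat'],
						'user_country' => (int) $v_fields['country'],
						'user_rank' => 0,
						'user_avatar' => '',
						'user_avatar_type' => 0,
						'user_email' => $v_fields['email'],
						'user_lastlogon' => 0,
						'user_totaltime' => 0,
						'user_totallogon' => 0,
						'user_totalpages' => 0,
						'user_gender' => $v_fields['gender'],
						'user_birthday' => (string) $v_fields['birthday'],
						'user_mark_items' => 0,
						'user_topic_order' => 0,
						'user_email_dc' => 1,
						'user_refop' => 0,
						'user_refby' => $v_fields['ref']
					);
					$user_id = sql_insert('members', $member_data);

					set_config('max_users', $config['max_users'] + 1);

					// Confirmation code
					$verification_code = md5(unique_id());

					$insert = array(
						'crypt_userid' => $user_id,
						'crypt_code' => $verification_code,
						'crypt_time' => $user->time
					);
					sql_insert('crypt_confirm', $insert);

					// Emailer
					$emailer = new emailer();

					// Referrer handling: an existing member becomes a friend, an unknown
					// address receives an invitation.
					if (!empty($v_fields['ref'])) {
						$valid_ref = email_format($v_fields['ref']);

						if ($valid_ref) {
							$sql = 'SELECT user_id
								FROM _members
								WHERE user_email = ?';
							if ($ref_friend = sql_field(sql_filter($sql, $v_fields['ref']), 'user_id', 0)) {
								$sql_insert = array(
									'ref_uid' => $user_id,
									'ref_orig' => $ref_friend
								);
								sql_insert('members_ref_assoc', $sql_insert);

								$sql_insert = array(
									'user_id' => $user_id,
									'buddy_id' => $ref_friend,
									'friend_time' => time()
								);
								sql_insert('members_friends', $sql_insert);
							} else {
								$invite_user = explode('@', $v_fields['ref']);
								$invite_code = substr(md5(unique_id()), 0, 6);

								$sql_insert = array(
									'invite_code' => $invite_code,
									'invite_email' => $v_fields['ref'],
									'invite_uid' => $user_id
								);
								sql_insert('members_ref_invite', $sql_insert);

								$emailer->from('info');
								$emailer->use_template('user_invite');
								$emailer->email_address($v_fields['ref']);

								$emailer->assign_vars(array(
									'INVITED' => $invite_user[0],
									'USERNAME' => $v_fields['username'],
									'U_REGISTER' => s_link('my register a', $invite_code))
								);
								$emailer->send();
								$emailer->reset();
							}
						}
					}

					// Send confirm email
					$emailer->from('info');
					$emailer->use_template('user_welcome');
					$emailer->email_address($v_fields['email']);

					$emailer->assign_vars(array(
						'USERNAME' => $v_fields['username'],
						'U_ACTIVATE' => 'http:' . s_link('signup', $verification_code))
					);
					$emailer->send();
					$emailer->reset();

					// No session is created here: the account stays USER_INACTIVE
					// until the mailed code is used.
					$custom_vars = array(
						'MESSAGE_TITLE' => lang('information'),
						'MESSAGE_TEXT' => lang('membership_added')
					);
					page_layout('INFORMATION', 'message', $custom_vars);
				}
			}
			break;
		case 'r':
			if ($user->is('member')) {
				redirect(s_link('my profile'));
			} else if ($user->is('bot')) {
				redirect(s_link());
			}

			$code = request_var('code', '');

			if (request_var('r', 0)) {
				redirect(s_link());
			}

			// Second step: the code from the reset mail lets its owner set a new password.
			if (!empty($code)) {
				// Anchored for the same reason as in the 'up' branch.
				if (!preg_match('#^[a-z0-9]+$#i', $code)) {
					fatal_error();
				}

				$sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email
					FROM _crypt_confirm c, _members m
					WHERE c.crypt_code = ?
						AND c.crypt_userid = m.user_id';
				if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
					fatal_error();
				}

				if (_button()) {
					$password = request_var('newkey', '');
					$password2 = request_var('newkey2', '');

					if (!empty($password)) {
						if ($password === $password2) {
							$crypt_password = HashPassword($password);

							$sql = 'UPDATE _members SET user_password = ?
								WHERE user_id = ?';
							sql_query(sql_filter($sql, $crypt_password, $crypt_data['user_id']));

							// Invalidate every outstanding code for this user.
							$sql = 'DELETE FROM _crypt_confirm
								WHERE crypt_userid = ?';
							sql_query(sql_filter($sql, $crypt_data['user_id']));

							// Send email
							$emailer = new emailer();

							$emailer->from('info');
							$emailer->use_template('user_confirm_passwd', $config['default_lang']);
							$emailer->email_address($crypt_data['user_email']);

							// The new password is deliberately NOT passed to the template:
							// mailing it in clear text would expose it to anyone with access
							// to the mailbox or the mail path.  The template's PASSWORD
							// placeholder, if still present, renders empty.
							$emailer->assign_vars(array(
								'USERNAME' => $crypt_data['username'],
								'U_PROFILE' => s_link('m', $crypt_data['username_base']))
							);
							$emailer->send();
							$emailer->reset();

							v_style(array(
								'PAGE_MODE' => 'updated'
							));
						} else {
							v_style(array(
								'PAGE_MODE' => 'nomatch',
								'S_CODE' => $code)
							);
						}
					} else {
						v_style(array(
							'PAGE_MODE' => 'nokey',
							'S_CODE' => $code)
						);
					}
				} else {
					v_style(array(
						'PAGE_MODE' => 'verify',
						'S_CODE' => $code)
					);
				}
			} else if (_button()) {
				// First step: mail a reset code to an active, non-banned member.
				$email = request_var('address', '');
				if (empty($email) || !email_format($email)) {
					fatal_error();
				}

				$sql = 'SELECT *
					FROM _members
					WHERE user_email = ?
						AND user_active = 1
						AND user_type NOT IN (??, ??)
						AND user_id NOT IN (
							SELECT ban_userid
							FROM _banlist
						)';
				if (!$userdata = sql_fieldrow(sql_filter($sql, $email, USER_INACTIVE, USER_FOUNDER))) {
					fatal_error();
				}

				$emailer = new emailer();

				$verification_code = md5(unique_id());

				// Only one pending code per user.
				$sql = 'DELETE FROM _crypt_confirm
					WHERE crypt_userid = ?';
				sql_query(sql_filter($sql, $userdata['user_id']));

				$insert = array(
					'crypt_userid' => $userdata['user_id'],
					'crypt_code' => $verification_code,
					'crypt_time' => $user->time
				);
				sql_insert('crypt_confirm', $insert);

				// Send email
				$emailer->from('info');
				$emailer->use_template('user_activate_passwd', $config['default_lang']);
				$emailer->email_address($userdata['user_email']);

				$emailer->assign_vars(array(
					'USERNAME' => $userdata['username'],
					'U_ACTIVATE' => s_link('signr', $verification_code))
				);
				$emailer->send();
				$emailer->reset();

				_style('reset_complete');
			}
			break;
		default:
			break;
	}

	//
	// Signup data
	//
	if (sizeof($error)) {
		_style('error', array(
			'MESSAGE' => parse_error($error))
		);
	}

	$s_genres_select = '';
	$genres = array(1 => 'MALE', 2 => 'FEMALE');
	foreach ($genres as $id => $value) {
		$s_genres_select .= '<option value="' . $id . '"' . (($v_fields['gender'] == $id) ? ' selected="true"' : '') . '>' . lang($value) . '</option>';
	}

	$s_bday_select = '';
	for ($i = 1; $i < 32; $i++) {
		// Leading space before the attribute, as in the other selects (it was missing here).
		$s_bday_select .= '<option value="' . $i . '"' . (($v_fields['birthday_day'] == $i) ? ' selected="true"' : '') . '>' . $i . '</option>';
	}

	$s_bmonth_select = '';
	$months = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December');
	foreach ($months as $id => $value)
	{
		$s_bmonth_select .= '<option value="' . $id . '"' . (($v_fields['birthday_month'] == $id) ? ' selected="true"' : '') . '>' . $user->lang['datetime'][$value] . '</option>';
	}

	// Birth years: last year back to 101 years ago.
	$s_byear_select = '';
	$current_year = date('Y');
	for ($i = ($current_year - 1); $i > $current_year - 102; $i--)
	{
		$s_byear_select .= '<option value="' . $i . '"' . (($v_fields['birthday_year'] == $i) ? ' selected="true"' : '') . '>' . $i . '</option>';
	}

	$v_fields['birthday'] = false;

	if (isset($error['birthday'])) {
		$v_fields['birthday'] = true;
	}

	$s_hidden = w();
	if ($need_auth) {
		$s_hidden = array('admin' => 1);
	}

	if (!isset($v_fields['refby'])) {
		$v_fields['refby'] = '';
	}

	$layout_vars = array(
		'IS_NEED_AUTH' => $need_auth,
		'IS_LOGIN' => $login,
		'CUSTOM_MESSAGE' => $box_text,
		'S_HIDDEN_FIELDS' => s_hidden($s_hidden),

		'U_SIGNIN' => s_link('signin'),
		'U_SIGNUP' => s_link('signup'),
		'U_SIGNOUT' => s_link('signout'),
		'U_PASSWORD' => s_link('signr'),

		'V_USERNAME' => $v_fields['username'],
		'V_KEY' => $v_fields['key'],
		'V_KEY_CONFIRM' => $v_fields['key_confirm'],
		'V_EMAIL' => $v_fields['email'],
		'V_REFBY' => $v_fields['refby'],
		'V_GENDER' => $s_genres_select,
		'V_BIRTHDAY_DAY' => $s_bday_select,
		'V_BIRTHDAY_MONTH' => $s_bmonth_select,
		'V_BIRTHDAY_YEAR' => $s_byear_select,
		'V_TOS' => ($v_fields['tos']) ? ' checked="true"' : '',
		'PAGE_MODE' => ''
	);

	// One E_<FIELD> flag per form field telling the template which ones failed.
	foreach ($v_fields as $k => $v) {
		$layout_vars['E_' . strtoupper($k)] = isset($error[$k]);
	}

	if ($login) {
		$ref = request_var('ref', '');

		_style('error', array(
			'LASTPAGE' => ($ref != '') ? $ref : s_link())
		);
	}

	$box_text = (!empty($box_text)) ? lang($box_text, $box_text) : '';

	page_layout('LOGIN2', 'login', $layout_vars);
}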
// Login form handler: validates the submitted credentials, opens a session on
// success and otherwise re-renders the login page with the collected errors.
$errors = array();
$username = request_var('un', '');
$password = request_var('upw', '');

// Both fields are mandatory.
if (empty($username) || empty($password)) {
    $errors[] = 'Debe completar todos los datos requeridos.';
}

// Only query the database once the input is complete.
if (count($errors) == 0) {
    $sql = 'SELECT *
		FROM _users
		WHERE username = ?';
    $userdata = sql_fieldrow(sql_filter($sql, $username));
    if (!$userdata) {
        $errors[] = 'El nombre de usuario es inv&aacute;lido.';
    }
}

if (isset($userdata) && count($userdata) && count($errors) == 0) {
    if (!ValidatePassword($password, $userdata['user_password'])) {
        $errors[] = 'La contrase&ntilde;a es inv&aacute;lida.';
    } else {
        $user->session_create($userdata['user_id']);
        $user->auth = $user->get_auth($user->data['user_id']);
        // Accounts without access rights get the fresh session removed again.
        if (!$user->auth['auth_access']) {
            $user->session_kill();
        }
        $user->session_auth();
        redirect('cover');
    }
}

if (count($errors) > 0) {
    login($errors);
}
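/**
 * Changes the password of the user bound to the current session.
 *
 * Reads the current password from $_POST['D1'] and the new one from $_POST['D2'],
 * verifies the current password against the stored hash and, on success, calls
 * the UpdatePassword stored procedure, records an activity entry, notifies the
 * user by e-mail and echoes the JSON string "pupdated".  Any failure (session /
 * user mismatch, wrong current password, empty new password) echoes "xupdated".
 *
 * @param mixed $Action Opaque request context handed through to ValidateSession,
 *                      FetchUser, Execute and AddActivity.
 */
function UpdatePassword($Action)
{
    global $PDOconn;

    $Email = ValidateSession($Action);
    // Missing form fields are treated as empty strings rather than raising notices.
    $OldPassword = stripslashes(isset($_POST["D1"]) ? $_POST["D1"] : '');
    $NewPassword = stripslashes(isset($_POST["D2"]) ? $_POST["D2"] : '');
    $UserData = FetchUser($Action, $Email);
    $HashedPassword = $UserData['Password'];
    $PasswordResponse = ValidatePassword($OldPassword, $HashedPassword);

    // Strict comparison: with == an empty/false session e-mail would equal a
    // missing user record.  An empty new password is refused as well.
    $Authorized = $Email === $UserData['Email'] && $PasswordResponse == 1 && $NewPassword !== '';
    if (!$Authorized) {
        echo json_encode("xupdated");
        return;
    }

    $NewHashedPassword = HashIt($NewPassword);
    $Query = 'CALL UpdatePassword (?, ?)';
    $Statement = $PDOconn->prepare($Query);
    $Statement->bindParam(1, $NewHashedPassword, PDO::PARAM_STR, 64);
    $Statement->bindParam(2, $Email, PDO::PARAM_STR, 45);
    Execute($Action, $Statement);

    $ActivityMSG = "Your password was changed.";
    AddActivity($Action, $Email, $ActivityMSG);
    mail($Email, "Password was changed", "Your password was changed.");
    echo json_encode("pupdated");
    // Drops the shared connection, as the previous implementation did.
    $PDOconn = null;
}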
    /**
     * Home-page login handler: password recovery, credential check and
     * failed-attempt counting.
     *
     * Does nothing unless a button was pressed.  Reads 'page', 'address' and
     * 'key' from the request (via $this->__()); an already authenticated member
     * is redirected to 'page'.  The 'recovery' button mails a recovery link and
     * always ends with the RECOVERY_LEGEND message, whether or not the address
     * matched.  Otherwise the address is resolved to a bio id, the key is
     * verified against bio_key and a session is created; a failure bumps
     * bio_fails and re-renders the form with an error.
     */
    protected function _in_home()
    {
        global $bio, $core, $warning;
        if (!_button()) {
            return;
        }
        // Request fields page / address / key as an object.
        $v = $this->__(w('page address key'));
        // NOTE(review): 'page' comes from the request — confirm redirect() limits
        // the target to this site (open-redirect risk otherwise).
        if ($bio->v('auth_member')) {
            redirect($v->page);
        }
        // NOTE(review): whether $warning->set() halts execution is not visible here;
        // if it does not, the lookups below run with an empty address.
        if (empty($v->address)) {
            $warning->set('LOGIN_ERROR');
        }
        if (_button('recovery')) {
            $sql = 'SELECT bio_id, bio_name, bio_address, bio_recovery
				FROM _bio
				WHERE bio_address = ?
					AND bio_id <> ?
					AND bio_id NOT IN (
						SELECT ban_userid
						FROM _banlist
					)';
            if ($recovery = sql_fieldrow(sql_filter($sql, $v->address, 1))) {
                // NOTE(review): bio_nickname is not in the SELECT list above, so
                // U_PROFILE is built from an undefined property — verify the column
                // and add it to the query.
                $email = array('USERNAME' => $recovery->bio_name, 'U_RECOVERY' => _link('my', array('recovery', 'k' => _rainbow_create($recovery->bio_id))), 'U_PROFILE' => _link('-', $recovery->bio_nickname));
                $core->email->init('info', 'bio_recovery', $email);
                $core->email->send($recovery->bio_address);
                $sql = 'UPDATE _bio SET bio_recovery = bio_recovery + 1
					WHERE bio_id = ?';
                sql_query(sql_filter($sql, $recovery->bio_id));
            }
            // Same response whether or not the address exists: no account enumeration.
            $this->_stop('RECOVERY_LEGEND');
        }
        if (empty($v->key)) {
            $warning->set('login_fail');
        }
        $v->register = false;
        // Assigned but not read again in this method.
        $v->field = email_format($v->address) ? 'address' : 'name';
        $sql = 'SELECT address_bio
			FROM _bio_address
			WHERE address_name = ?';
        if ($bio_address = sql_field(sql_filter($sql, $v->address), 'address_bio', 0)) {
            // Only active accounts (bio_active = 1) can log in.
            $sql = 'SELECT bio_id, bio_key, bio_fails
				FROM _bio
				WHERE bio_id = ?
					AND bio_active = ?';
            if ($_bio = sql_fieldrow(sql_filter($sql, $bio_address, 1))) {
                if (ValidatePassword($v->key, $_bio->bio_key)) {
                    // Successful login clears the failure counter.
                    if ($_bio->bio_fails) {
                        $sql = 'UPDATE _bio SET bio_fails = 0
							WHERE bio_id = ?';
                        sql_query(sql_filter($sql, $_bio->bio_id));
                    }
                    $bio->session_create($_bio->bio_id);
                    redirect($v->page);
                }
                // Wrong key: once the configured failure count is reached the
                // account is blocked before any further increment.
                if ($_bio->bio_fails == $core->v('account_failcount')) {
                    // TODO: Captcha system if failcount reached
                    // TODO: Notification about blocked account
                    _fatal(508);
                }
                $sql = 'UPDATE _bio SET bio_fails = bio_fails + 1
					WHERE bio_id = ?';
                sql_query(sql_filter($sql, $_bio->bio_id));
                // Fixed delay after a failed attempt.  NOTE(review): this holds a
                // worker for 5 s per bad attempt; the bio_fails counter already
                // provides a cheaper lockout — consider relying on it instead.
                sleep(5);
                // Re-render the birth date selects so the registration form stays usable.
                for ($i = 1; $i < 32; $i++) {
                    if ($i == 1) {
                        _style('birth_day');
                    }
                    _style('birth_day.row', array('DAY' => $i));
                }
                for ($i = 1; $i < 13; $i++) {
                    if ($i == 1) {
                        _style('birth_month');
                    }
                    _style('birth_month.row', array('MONTH' => $i));
                }
                for ($i = date('Y'); $i > 1900; $i--) {
                    if ($i == date('Y')) {
                        _style('birth_year');
                    }
                    _style('birth_year.row', array('YEAR' => $i));
                }
                // Generic message: does not say whether the address or the key was wrong.
                _style('error', array('MESSAGE' => 'Los datos ingresados son inv&aacute;lidos, por favor intenta nuevamente.'));
                return;
            }
        } else {
            // Unknown address: fall through to registration.
            $v->register = true;
        }
        if ($v->register) {
            $this->_up_home();
        }
        return;
    }