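/**
 * Member sign-in handler.
 *
 * Reads `username`, `password` and `lastpage` from the request. The username
 * must match [a-z0-9_-]+ and resolve to an active, non-guest row in _members;
 * the password is then checked either against the stored hash or, when the
 * `signin_pop` setting is on, against the configured POP3 server. On success a
 * session is created and the browser is sent to `lastpage`; on any failure the
 * login form is re-rendered with one generic LOGIN_ERROR.
 *
 * Changes from the previous revision: the stored hash is compared with
 * hash_equals() instead of `===` (constant-time comparison), and the unused
 * `$userdata = w()` initialisation was dropped. Uses globals $user and $core.
 */
public function in()
{
    global $user, $core;

    // Signed-in members have no business on the login form.
    if ($user->v('is_member')) {
        redirect(_link());
    }

    if (_button()) {
        $v = $this->__(w('username password lastpage'));

        // Every failure maps to the same LOGIN_ERROR so the response does not
        // reveal which of username / password was wrong.
        $usernameOk = f($v['username']) && preg_match('#^([a-z0-9\\_\\-]+)$#is', $v['username']);
        if (!$usernameOk || !f($v['password'])) {
            $this->error('LOGIN_ERROR');
        }

        if (!$this->errors()) {
            // Keep only the part before a '@'. The pattern above already
            // rejects '@', so for validated input this is a no-op; kept for
            // parity with the previous revision.
            $v['username'] = array_key(explode('@', $v['username']), 0);

            $sql = 'SELECT * FROM _members WHERE user_username = ? AND user_id <> ? AND user_active = 1';
            $userdata = _fieldrow(sql_filter($sql, $v['username'], U_GUEST));
            if (!$userdata) {
                $this->error('LOGIN_ERROR');
            }

            if (!$this->errors()) {
                if (!$core->v('signin_pop')) {
                    // Local verification against the stored hash.
                    $stored = $userdata['user_password'] ?? null;
                    $candidate = _password($v['password']);
                    // hash_equals() is constant-time but requires two strings;
                    // the is_string() guards keep a missing or non-string stored
                    // hash a plain failure instead of a TypeError.
                    if (is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate)) {
                        $user->session_create($userdata['user_id']);
                        // NOTE(review): lastpage is request-supplied; unless
                        // redirect() restricts it to a local URL this is an open
                        // redirect after login — confirm against redirect().
                        redirect($v['lastpage']);
                    }
                    $this->error('LOGIN_ERROR');
                } else {
                    // Delegated verification: the credentials are presented to
                    // the configured mail server. The plain-text password leaves
                    // this process here; transport protection depends on what
                    // core/pop3.php negotiates, which is not visible from here.
                    require_once XFS . 'core/pop3.php';
                    $pop3 = new pop3();
                    if (!$pop3->connect($core->v('mail_server'), $core->v('mail_port'))) {
                        $this->error('LOGIN_ERROR');
                    }
                    if (!$this->errors() && !$pop3->user($v['username'])) {
                        $this->error('LOGIN_ERROR');
                    }
                    if (!$this->errors() && !$pop3->pass($v['password'], false)) {
                        $this->error('LOGIN_ERROR');
                    }
                    // Always close the POP3 session, even after a failed step.
                    $pop3->quit();
                    if (!$this->errors()) {
                        $user->session_create($userdata['user_id']);
                        redirect($v['lastpage']);
                    }
                }
            }
        }
    }

    // NOTE(review): unlike _in_home(), this path keeps no failure counter and
    // applies no delay, so repeated guesses are bounded only by upstream
    // controls.
    _login(false, $this->get_errors());
}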
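/**
 * Bio sign-in step ("publish"): verifies $key for the bio identified by
 * $address (an e-mail address, otherwise an alias) and opens a session.
 *
 * Returns true on a successful sign-in; otherwise records the failure and
 * returns null. Unfinished in the original (see the TODO at the end): after a
 * failed or skipped lookup it goes on to check the alias length.
 *
 * Fixes from the previous revision: $bio and $core are declared global (they
 * were used undeclared, so session_create() and the max-fails check could not
 * work); the alias length check measures the alias that was actually computed
 * ($v['nickname'] was never assigned); the fail-count check uses `>=` on
 * integer values so an account already past the limit stays locked; the key
 * comparison is constant-time. Assumes bio_maxfails is configured to a
 * positive number.
 *
 * @param string $address e-mail address or alias typed by the user
 * @param string $key     the sign-in key typed by the user
 * @return true|null
 */
protected function _bio_publish($address, $key)
{
    global $warning, $bio, $core;

    // NOTE(review): $warning->set() is assumed to stop the request; if it
    // only records the message, the lookup below still runs with an empty
    // address — confirm against the warning class.
    if (empty($address)) {
        $warning->set('no_bio_address');
    }
    if (empty($key)) {
        $warning->set('no_bio_key');
    }

    // Look the bio up by address or by alias, depending on the input shape.
    $field = email_format($address) !== false ? 'address' : 'alias';
    $sql = 'SELECT bio_id, bio_key, bio_fails FROM _bio WHERE bio_?? = ? AND bio_status = ?';
    $_bio = sql_fieldrow(sql_filter($sql, $field, $address, 1));

    if ($_bio) {
        $stored = $_bio->bio_key;
        $candidate = _password($key);
        // Constant-time comparison; the guards keep non-string values a plain
        // mismatch rather than a TypeError.
        if (is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate)) {
            // A successful sign-in resets the failure counter.
            if ($_bio->bio_fails) {
                $sql = 'UPDATE _bio SET bio_fails = 0 WHERE bio_id = ?';
                sql_query(sql_filter($sql, $_bio->bio_id));
            }
            $bio->session_create($_bio->bio_id);
            return true;
        }

        // Lock-out: once the configured number of failures is reached the
        // request ends with a 508 before the counter grows further.
        // TODO: Captcha system if maxfail reached
        if ((int) $_bio->bio_fails >= (int) $core->v('bio_maxfails')) {
            _fatal(508);
        }

        $sql = 'UPDATE _bio SET bio_fails = bio_fails + 1 WHERE bio_id = ?';
        sql_query(sql_filter($sql, $_bio->bio_id));
        // Fixed delay to slow down guessing; note it also holds a worker for
        // 5 s per bad attempt.
        sleep(5);
        $warning->set('login_error');
    }

    $alias = _low($this->extract_alias($address));
    $aliasLen = strlen($alias);
    if ($aliasLen < 1 || $aliasLen > 20) {
        $warning->set('alias_len');
    }

    // TODO: Continue work
    return;
}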
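/**
 * Admin form for creating a member ("contact").
 *
 * On submit: normalises the username through _alias(), refuses a username that
 * already belongs to an active member, inserts the _members row, grants the
 * default module permissions and redirects to the member search. Without a
 * submit it only fills the `contact_type` template rows.
 *
 * Change from the previous revision: the "internal" decision is derived from
 * the same integer that is stored in user_mtype, instead of a loose `== 4` on
 * the raw request value, so the two can no longer disagree.
 *
 * Uses globals $user and $core.
 */
protected function _create_home()
{
    global $user, $core;

    if (_button()) {
        gfatal();

        $v = $this->__(array(
            'autos' => 0,
            'active' => 0,
            'type' => 0,
            'admin' => 0,
            'firstname',
            'lastname',
            'show',
            'username',
            'gender',
            'email',
            'password',
        ), 'contact');

        $v['contact_username'] = _alias($v['contact_username']);

        // NOTE(review): _error() is assumed to end the request; if it only
        // records the message the duplicate row is inserted anyway — confirm.
        $sql = 'SELECT user_id FROM _members WHERE user_username = ? AND user_active = 1';
        if (_fieldrow(sql_filter($sql, $v['contact_username']))) {
            $this->_error('#USERNAME_EXISTS');
        }

        // Member type 4 is the internal one; admin rights (type 3) are only
        // granted to internal members.
        $memberType = (int) $v['contact_type'];
        $internal = $memberType === 4 ? 1 : 0;
        $type = ($v['contact_admin'] && $internal) ? 3 : 0;

        // NOTE(review): nothing checks that contact_password is non-empty; an
        // empty value is hashed and stored as-is. dateformat and timezone are
        // fixed defaults.
        $sql_insert = array(
            'type' => $type,
            'active' => $v['contact_active'],
            'internal' => $internal,
            'mtype' => $memberType,
            'login' => $v['contact_username'],
            'username' => $v['contact_username'],
            'firstname' => $v['contact_firstname'],
            'lastname' => $v['contact_lastname'],
            'password' => _password($v['contact_password']),
            'name_show' => $v['contact_show'],
            'email' => f($v['contact_email']) ? $v['contact_email'] : $v['contact_username'] . '@' . $core->v('domain'),
            'gender' => $v['contact_gender'],
            'date' => time(),
            'dateformat' => 'd M Y H:i',
            'timezone' => -6,
        );
        $sql = 'INSERT INTO _members' . _build_array('INSERT', prefix('user', $sql_insert));
        $v['uid'] = _sql_nextid($sql);

        // Default permission set for a new member.
        foreach (w('index ticket ticket_create ticket_view_own ticket_mini chat') as $module) {
            $user->auth_update($module, true, $v['uid']);
        }

        redirect(_link($this->m(), array('x1' => 'search', 'm' => $v['contact_username'])));
    }

    foreach ($this->init_mtype() as $row) {
        _style('contact_type', array('ID' => $row['type_id'], 'NAME' => $row['type_name']));
    }

    return;
}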
/**
 * Shorthand for _password() with the md5 algorithm selected.
 *
 * NOTE(review): md5 is a fast, unsalted digest and a poor fit for anything
 * password-like; callers that compare stored values depend on this output,
 * so changing the algorithm here is a data migration, not a one-line fix.
 *
 * @param mixed $v value to hash
 * @param mixed $t passed through to _password() as its second argument (default 1)
 */
function _hash($v, $t = 1)
{
    $algorithm = 'md5';

    return _password($v, $t, $algorithm);
}
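/**
 * Bio sign-in form handler, including the "recovery" (forgotten key) branch.
 *
 * Flow: a signed-in bio is sent back to `page`; the recovery button e-mails a
 * recovery link to the address on file (the RECOVERY_LEGEND stop is shown
 * whether or not the address exists, so that branch does not confirm
 * accounts); otherwise the key is checked against the non-blocked bio found by
 * address or name. A match resets bio_fails and opens the session; a mismatch
 * increments bio_fails, sleeps 5 s and sets `login_fail`; once the configured
 * failure count is reached the request ends with 508. An unknown address falls
 * through to registration via _up_home().
 *
 * Changes from the previous revision: the fail-count check is `>=` on integer
 * values (an account already over the limit stays locked) and the key
 * comparison uses hash_equals(). Assumes account_failcount is configured to a
 * positive number. Uses globals $bio and $core.
 */
protected function _in_home()
{
    global $bio, $core;

    $v = $this->__(w('page address key'));

    if ($bio->v('auth_member')) {
        // NOTE(review): `page` is request-supplied; unless redirect()
        // restricts it to a local URL this is an open redirect (same below).
        redirect($v->page);
    }

    // NOTE(review): warning->set() is assumed to end the request; if it only
    // records the message, the lookup below runs with an empty address.
    if (empty($v->address)) {
        $this->warning->set('LOGIN_ERROR');
    }

    if (_button('recovery')) {
        $sql = 'SELECT bio_id, bio_name, bio_address, bio_recovery FROM _bio WHERE bio_address = ? AND bio_id <> ? AND bio_id NOT IN ( SELECT ban_userid FROM _banlist )';
        $recovery = sql_fieldrow(sql_filter($sql, $v->address, 1));
        if ($recovery) {
            // NOTE(review): bio_nickname is not in the SELECT above, so
            // U_PROFILE is built from an undefined property — either add the
            // column to the query or use the intended field.
            $email = array(
                'USERNAME' => $recovery->bio_name,
                'U_RECOVERY' => _link('my', array('recovery', 'k' => _rainbow_create($recovery->bio_id))),
                'U_PROFILE' => _link('-', $recovery->bio_nickname),
            );
            $core->email->init('info', 'bio_recovery', $email);
            $core->email->send($recovery->bio_address);

            // bio_recovery counts the mails sent; nothing here caps it, so
            // repeated submissions keep sending.
            $sql = 'UPDATE _bio SET bio_recovery = bio_recovery + 1 WHERE bio_id = ?';
            _sql(sql_filter($sql, $recovery->bio_id));
        }
        $this->_stop('RECOVERY_LEGEND');
    }

    if (empty($v->key)) {
        $this->warning->set('login_fail');
    }

    $v->register = false;
    $v->field = is_email($v->address) ? 'address' : 'name';

    $sql = 'SELECT bio_id, bio_key, bio_fails FROM _bio WHERE bio_?? = ? AND bio_blocked = ?';
    $_bio = _fieldrow(sql_filter($sql, $v->field, $v->address, 0));

    if ($_bio) {
        $stored = $_bio->bio_key;
        $candidate = _password($v->key);
        // Constant-time comparison; the guards keep non-string values a plain
        // mismatch rather than a TypeError.
        if (is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate)) {
            // A successful sign-in resets the failure counter.
            if ($_bio->bio_fails) {
                $sql = 'UPDATE _bio SET bio_fails = 0 WHERE bio_id = ?';
                _sql(sql_filter($sql, $_bio->bio_id));
            }
            $bio->session_create($_bio->bio_id);
            redirect($v->page);
        }

        // TODO: Captcha system if failcount reached
        // TODO: Notification about blocked account
        if ((int) $_bio->bio_fails >= (int) $core->v('account_failcount')) {
            _fatal(508);
        }

        $sql = 'UPDATE _bio SET bio_fails = bio_fails + 1 WHERE bio_id = ?';
        _sql(sql_filter($sql, $_bio->bio_id));
        // Fixed delay to slow down guessing; it also holds a worker for 5 s
        // per bad attempt.
        sleep(5);
        $this->warning->set('login_fail');
    } else {
        // No matching bio: hand over to registration. This outcome differs
        // from the wrong-key branch, so whether an address exists is
        // observable from the response.
        $v->register = true;
    }

    if ($v->register) {
        $this->_up_home();
    }

    return;
}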