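/**
 * Marks the current visitor as admin-authenticated when the supplied admin
 * password matches the stored hash.
 *
 * Depending on $settings['login_method'], the marker is written either to the
 * COOKIE_PREFIX . 'admin' cookie (one-hour lifetime) or to the session entry of
 * the same name. Nothing happens when the marker already exists, when the
 * password does not match, or when the login method is neither "cookies" nor
 * "sessions".
 *
 * Security notes:
 *  - The hash comparison uses hash_equals() (PHP >= 5.6). The former loose `==`
 *    could treat two different hash strings as equal when both look numeric,
 *    and it was not constant-time.
 *  - The stored marker is encrypt_pw_part1($password), i.e. a value derived
 *    directly from the admin password. Treat the cookie/session value as
 *    password-equivalent. NOTE(review): presumably a later check re-hashes it
 *    with encrypt_pw_part2(); confirm against the reader of this marker.
 *
 * @param string $password Admin password as entered by the user.
 * @return void
 */
function set_admin_pass($password) {
    global $settings, $userdata;

    $marker_key = COOKIE_PREFIX . "admin";

    if ($settings['login_method'] == "cookies") {
        if (isset($_COOKIE[$marker_key])) {
            return;
        }
        // Stored hash goes first: hash_equals() expects the known value as its first argument.
        if (hash_equals((string) $userdata['user_admin_password'], (string) encrypt_pw($password))) {
            // HttpOnly keeps the password-derived value away from page scripts.
            // The Secure flag stays off as before, because the site's scheme is
            // not visible from here. NOTE(review): enable it on HTTPS-only sites.
            setcookie($marker_key, encrypt_pw_part1($password), time() + 3600, "/", "", false, true);
        }
    } elseif ($settings['login_method'] == "sessions") {
        if (isset($_SESSION[$marker_key])) {
            return;
        }
        if (hash_equals((string) $userdata['user_admin_password'], (string) encrypt_pw($password))) {
            $_SESSION[$marker_key] = encrypt_pw_part1($password);
        }
    }
}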
/**
 * Produces the full password hash by running the input through both hashing
 * stages in order: encrypt_pw_part1() first, then encrypt_pw_part2() on its
 * result. Both stages are defined outside this block.
 *
 * @param string $string Plain-text password.
 * @return mixed Whatever encrypt_pw_part2() returns for the stage-one value.
 */
function encrypt_pw($string) {
    $stage_one = encrypt_pw_part1($string);
    $stage_two = encrypt_pw_part2($stage_one);

    return $stage_two;
}
return true; } // tail of a function whose beginning is outside this excerpt

/**
 * Returns $id unchanged when preg_check() accepts it against the pattern
 * /^[0-9a-z]+$/ (digits and lowercase letters only), otherwise an empty string.
 *
 * preg_check() is defined elsewhere.
 * NOTE(review): if preg_check() behaves like preg_match(), `$` without the D
 * modifier also matches just before a trailing newline, so an id ending in
 * "\n" would be accepted. Confirm, and consider anchoring with \z.
 *
 * @param string $id Candidate session id.
 * @return string The id, or "" when it is rejected.
 */
function valid_session($id) {
    if (preg_check("/^[0-9a-z]+\$/", $id)) {
        return $id;
    } else {
        return "";
    }
}

// Route session storage through the project's own handlers (named here, defined elsewhere).
session_set_save_handler("open_session", "close_session", "read_session", "write_session", "destroy_session", "gc_session");
// The first argument is the cookie lifetime in seconds: 60 * 24 * 30 = 43200 s, i.e. 12 hours.
// NOTE(review): if 30 days was intended, a factor of 60 is missing. Confirm.
// The fourth argument (secure) is false, so the session cookie is also sent over plain HTTP.
// No HttpOnly argument is passed; whether the cookie is HttpOnly then depends on the PHP
// default / ini configuration. Verify it is enabled.
session_set_cookie_params(60 * 24 * 30, "/", "", false);
session_start();

// Login form handling. This statement continues past the end of the excerpt.
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
    // The user name passes through stripinput() (defined elsewhere) and then has three
    // patterns removed: "=", "#" and a whitespace-delimited "OR".
    // NOTE(review): the result is concatenated straight into the SQL string below. A
    // removal list like this is not a substitute for escaping or bound parameters;
    // whether stripinput() escapes quotes is not visible here. Confirm, or move this
    // query to a prepared statement.
    $user_name = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($_POST['user_name']));
    // First hashing stage of the submitted password; this value is later kept in the session.
    $user_pass = encrypt_pw_part1($_POST['user_pass']);
    // The password condition appears masked ("******") in this listing; the original
    // expression is not visible.
    $result = dbquery("SELECT user_id, user_name, user_status, user_actiontime \r\n\tFROM " . DB_USERS . " WHERE user_name='" . $user_name . "' AND user_password='******' LIMIT 1");
    if (dbrows($result)) {
        $data = dbarray($result);
        // Built here; where it is used is not visible in this excerpt.
        $session_value = $data['user_id'] . "." . $user_pass;
        if ($data['user_status'] == 0 && $data['user_actiontime'] == 0) {
            // The session stores the user id together with the password-derived value.
            // NOTE(review): no session_regenerate_id() call is visible before the excerpt
            // ends. Confirm the session id is renewed on login.
            $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id'];
            $_SESSION[COOKIE_PREFIX . 'user_pass'] = $user_pass;
            // The next line is damaged in this listing: text between the two string
            // literals is replaced by "******", so the original statements cannot be
            // read reliably. It is reproduced as found.
            redirect(BASEDIR . "setuser.php?user="******"setuser.php?error=1&id=" . $data['user_id'], true);
        } elseif ($data['user_status'] == 2) {
            redirect(BASEDIR . "setuser.php?error=2", true);
        } elseif ($data['user_status'] == 3) {
            // Status 3 is honoured only once the stored action time has passed.
            if ($data['user_actiontime'] < time()) {
                $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id'];
} } } // closes blocks that were opened outside this excerpt

// Profile update: runs only when validation (outside this excerpt) left $error empty.
if (!$error) {
    if (isset($_POST['del_avatar'])) {
        // Deletes the stored avatar file; "@" hides any failure.
        // NOTE(review): the path is built from $user_data['user_avatar']. Confirm that
        // the stored name cannot contain path separators (e.g. apply basename()), so the
        // delete stays inside the avatars directory.
        @unlink(IMAGES . "avatars/" . $user_data['user_avatar']);
        $set_avatar = ", user_avatar=''";
    }
    if ($user_new_password) {
        // SQL fragment for the new password hash. The leading literal appears masked
        // ("******") in this listing.
        $new_pass = "******" . encrypt_pw($user_new_password) . "', ";
        // Refresh the login cookie / session entry so it matches the new password.
        if ($settings['login_method'] == "cookies") {
            header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
            // Cookie value is "<user_id>.<stage-one hash of the new password>", valid for
            // three hours, path "/". Secure is "0" (off) and no HttpOnly argument is given.
            // NOTE(review): this value is derived from the password; consider HttpOnly,
            // and Secure on HTTPS sites.
            setcookie(COOKIE_PREFIX . "user", $user_data['user_id'] . "." . encrypt_pw_part1($user_new_password), time() + 3600 * 3, "/", "", "0");
        } elseif ($settings['login_method'] == "sessions") {
            $_SESSION[COOKIE_PREFIX . 'user_pass'] = encrypt_pw_part1($user_new_password);
        }
    } else {
        $new_pass = "******"; // literal appears masked in this listing
    }
    // The admin password is only touched for admins (iADMIN) who supplied a new one.
    if (iADMIN && $user_new_admin_password) {
        $new_admin_pass = "******" . encrypt_pw($user_new_admin_password) . "', ";
    } else {
        $new_admin_pass = "******"; // literal appears masked in this listing
    }
    // NOTE(review): $user_name, $user_email, $user_hide_email, $set_avatar and $db_values
    // are interpolated directly into the statement. They are prepared outside this
    // excerpt; verify each one is escaped for SQL, or switch to bound parameters.
    $result = dbquery("UPDATE " . DB_USERS . " SET user_name='{$user_name}'," . $new_pass . $new_admin_pass . "user_email='{$user_email}', user_hide_email='{$user_hide_email}'" . ($set_avatar ? $set_avatar : "") . $db_values . " WHERE user_id='" . $user_data['user_id'] . "'");
    redirect(make_url("edit_profile.php?update_profile=ok", "edit_profile-update_profile-ok", "", ".html")); // Pimped: make_url
} else {
    // Validation failed: show the heading from $locale['412'] followed by the collected
    // error text. NOTE(review): $error is built outside this excerpt. If it can carry
    // user-supplied text, it needs HTML escaping before output. Confirm.
    echo "<div style='text-align:center'><strong>" . $locale['412'] . "</strong><br />\n" . $error . "<br />\n</div>\n";
}