Esempio n. 1
0
function set_admin_pass($password)
{
    global $settings, $userdata;
    if ($settings['login_method'] == "cookies") {
        if (!isset($_COOKIE[COOKIE_PREFIX . 'admin']) && encrypt_pw($password) == $userdata['user_admin_password']) {
            setcookie(COOKIE_PREFIX . "admin", encrypt_pw_part1($password), time() + 3600, "/", "", "0");
        }
    } elseif ($settings['login_method'] == "sessions") {
        if (!isset($_SESSION[COOKIE_PREFIX . 'admin']) && encrypt_pw($password) == $userdata['user_admin_password']) {
            $_SESSION[COOKIE_PREFIX . 'admin'] = encrypt_pw_part1($password);
        }
    }
}
Esempio n. 2
0
function encrypt_pw($string)
{
    return encrypt_pw_part2(encrypt_pw_part1($string));
}
Esempio n. 3
0
    return true;
}
function valid_session($id)
{
    if (preg_check("/^[0-9a-z]+\$/", $id)) {
        return $id;
    } else {
        return "";
    }
}
session_set_save_handler("open_session", "close_session", "read_session", "write_session", "destroy_session", "gc_session");
session_set_cookie_params(60 * 24 * 30, "/", "", false);
session_start();
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
    $user_name = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($_POST['user_name']));
    $user_pass = encrypt_pw_part1($_POST['user_pass']);
    $result = dbquery("SELECT user_id, user_name, user_status, user_actiontime \r\n\tFROM " . DB_USERS . " WHERE user_name='" . $user_name . "' AND user_password='******' LIMIT 1");
    if (dbrows($result)) {
        $data = dbarray($result);
        $session_value = $data['user_id'] . "." . $user_pass;
        if ($data['user_status'] == 0 && $data['user_actiontime'] == 0) {
            $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id'];
            $_SESSION[COOKIE_PREFIX . 'user_pass'] = $user_pass;
            redirect(BASEDIR . "setuser.php?user="******"setuser.php?error=1&id=" . $data['user_id'], true);
        } elseif ($data['user_status'] == 2) {
            redirect(BASEDIR . "setuser.php?error=2", true);
        } elseif ($data['user_status'] == 3) {
            if ($data['user_actiontime'] < time()) {
                $_SESSION[COOKIE_PREFIX . 'user_id'] = $data['user_id'];
Esempio n. 4
0
        }
    }
}
if (!$error) {
    if (isset($_POST['del_avatar'])) {
        @unlink(IMAGES . "avatars/" . $user_data['user_avatar']);
        $set_avatar = ", user_avatar=''";
    }
    if ($user_new_password) {
        $new_pass = "******" . encrypt_pw($user_new_password) . "', ";
        // Set new session / cookie
        if ($settings['login_method'] == "cookies") {
            header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
            setcookie(COOKIE_PREFIX . "user", $user_data['user_id'] . "." . encrypt_pw_part1($user_new_password), time() + 3600 * 3, "/", "", "0");
        } elseif ($settings['login_method'] == "sessions") {
            $_SESSION[COOKIE_PREFIX . 'user_pass'] = encrypt_pw_part1($user_new_password);
        }
    } else {
        $new_pass = "******";
    }
    if (iADMIN && $user_new_admin_password) {
        $new_admin_pass = "******" . encrypt_pw($user_new_admin_password) . "', ";
    } else {
        $new_admin_pass = "******";
    }
    $result = dbquery("UPDATE " . DB_USERS . " SET user_name='{$user_name}'," . $new_pass . $new_admin_pass . "user_email='{$user_email}', user_hide_email='{$user_hide_email}'" . ($set_avatar ? $set_avatar : "") . $db_values . " WHERE user_id='" . $user_data['user_id'] . "'");
    redirect(make_url("edit_profile.php?update_profile=ok", "edit_profile-update_profile-ok", "", ".html"));
    // Pimped: make_url
} else {
    echo "<div style='text-align:center'><strong>" . $locale['412'] . "</strong><br />\n" . $error . "<br />\n</div>\n";
}