$step = $_POST["step"]; } if(count($_POST)){ // THIS IS THE WORK STEP switch ($step){ case 5: if(!empty($_POST["admin_user"]) && !empty($_POST["admin_pass"]) && !empty($_POST["admin_pass2"]) && !empty($_POST["admin_email"])){ if($_POST["admin_pass"]!=$_POST["admin_pass2"]){ echo "The password fields do not match<br />"; $step=4; } elseif(phorum_user_check_login($_POST["admin_user"], $_POST["admin_pass"])){ if($PHORUM["user"]["admin"]){ echo "Admin user already exists and has permissions<br />"; } else { echo "That user already exists but does not have admin permissions<br />"; $step=4; } } else { // add the user $user = array( "username"=>$_POST["admin_user"], "password"=>$_POST["admin_pass"], "email"=>$_POST["admin_email"], "active"=>1, "admin"=>1 ); if(!phorum_user_add($user)){ echo "There was an error adding the user.<br />"; $step=4;
} // The user wants to login. else { // Check if the phorum_tmp_cookie was set. If not, the user's // browser does not support cookies. if($PHORUM["use_cookies"] && !isset($_COOKIE["phorum_tmp_cookie"])) { $PHORUM["use_cookies"] = false; } $username = trim($_POST["username"]); $password = trim($_POST["password"]); // Check if the login credentials are right. if (phorum_user_check_login($username, $password)) { // Destroy the temporary cookie. if(isset($_COOKIE["phorum_tmp_cookie"])){ setcookie( "phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"] ); } // Create an URI session id if cookies are not used.. if(!$PHORUM["use_cookies"]) { $uri_session_id = md5($_POST['username'].microtime().$_POST['password']); $user = array( 'user_id' => $PHORUM['user']['user_id'], 'sessid_st'=> $uri_session_id ); phorum_user_save_simple($user); phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);
// it under the terms of either the current Phorum License (viewable at // // phorum.org) or the Phorum License that was distributed with this file // // // // This program is distributed in the hope that it will be useful, // // but WITHOUT ANY WARRANTY, without even the implied warranty of // // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // // // // You should have received a copy of the Phorum License // // along with this program. // //////////////////////////////////////////////////////////////////////////////// // don't allow this page to be loaded directly if(!defined("PHORUM_ADMIN")) exit(); if(isset($_POST["username"]) && isset($_POST["password"])){ if(phorum_user_check_login($_POST["username"], $_POST["password"])!=0){ if($PHORUM["user"]["admin"]){ phorum_user_create_session(PHORUM_SESSION_ADMIN); if(!empty($_POST["target"])){ phorum_redirect_by_url($_POST['target']); } else { phorum_redirect_by_url($_SERVER['PHP_SELF']); } exit(); } } } include_once "./include/admin/PhorumInputForm.php"; $frm = new PhorumInputForm ("", "post");