* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

// Login endpoint (the include path suggests the admin area): accepts a POSTed
// username/password, asks the login object whether the caller's IP may still
// try, and answers with a small JSON object carrying 'msg' and 'result'.
require_once '../../admin-includes/admin.base.inc.php';

session_start();
// Runs on every request to this script, before any credential check; passing
// `true` also deletes the previous session's data.
session_regenerate_id(true);

$login = new login();

// Username/password login. isset() only proves the fields exist; it is also
// true for array-valued fields.
// NOTE(review): no anti-CSRF token is checked in the visible code - confirm
// whether the included base file handles that.
if (isset($_POST['action']) && $_POST['action'] == 'login' && isset($_POST['username']) && isset($_POST['password'])) {
    // The peer address as seen by the web server.
    // NOTE(review): if the site sits behind a reverse proxy or shared NAT, many
    // clients present the same address, so a per-IP lockout can lock all of
    // them out at once; a per-account counter is a useful complement.
    $usersIP = getenv("REMOTE_ADDR");

    // Rate-limit gate: only attempt the login while checkIP() reports that this
    // address has not exceeded its allowance (the strict `=== true` means any
    // other return value is treated as locked).
    if ($login->checkIP($usersIP) === true) {
        // NOTE(review): trim() raises a TypeError on PHP 8 when the field is an
        // array; an is_string() check before this point would turn that into a
        // normal failed login.
        $username = trim($_POST['username']);
        // Trimming strips leading/trailing whitespace from the password before it
        // is checked - this has to match how passwords were stored; verify
        // against the login class.
        $password = trim($_POST['password']);

        if ($login->processLogin($username, $password)) {
            // Flag read elsewhere (not shown) to mark a fresh login.
            $_SESSION['justLoggedIn'] = true;
            // NOTE(review): no Content-Type header is sent in the visible code, so
            // this goes out with the server default unless the base include sets
            // application/json - confirm.
            echo json_encode(array('msg' => 'Yup', 'result' => true));
            exit;
        } else {
            echo json_encode(array('msg' => 'Incorrect_login', 'result' => false));
            exit;
        }
    } else {
        // Treated as a brute-force attempt. Per the original note: 10 attempts are
        // allowed, then the address is banned for 30 minutes (those limits are
        // enforced inside checkIP(), which is not shown here).
        echo json_encode(array('msg' => 'IP_locked', 'result' => false));
        exit;
    }
}

// Second login variant keyed on 'userID' instead of 'username'; its body
// continues past the end of this excerpt.
if (isset($_POST['action']) && $_POST['action'] == 'login' && isset($_POST['userID']) && isset($_POST['password'])) {
    ////////////////////////////////////////////////////
}
        // Tail of the password-reset path. The start of this method, including
        // where $user and $email are set, lies above this excerpt.

        // The argument 6 is presumably the generated password's length - confirm
        // in generatePassword() (not shown), and check that it draws from a
        // CSPRNG such as random_int()/random_bytes().
        $pass = $this->generatePassword(6);
        // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
        // storing passwords; password_hash()/password_verify() are the standard
        // PHP replacements. $md5 is not referenced by the visible statements below.
        $md5 = md5($pass);
        $url = $this->getSetting("atikit_url");
        // The stored value shows as '******' on this page, which looks like
        // masking applied to the listing rather than the real statement - TODO
        // confirm against the original file.
        // $user['id'] is interpolated straight into the SQL text; that is only safe
        // if it always comes from a trusted database row.
        // NOTE(review): prefer a prepared statement with bound parameters.
        $this->query("UPDATE users SET user_password='******' WHERE id='{$user['id']}'");
        // Mails the new password in clear text.
        // NOTE(review): no confirmation step is visible in this excerpt, so the
        // account's password is replaced as soon as the request is processed. A
        // single-use, expiring reset link that lets the owner choose the new
        // password avoids both the plaintext mail and the unrequested reset.
        $this->sendMail($email, "Your new password", "\nWe have received a password change request for your account.\n\t\t\t\t\nYour new password is: {$pass}\n\t\t\t\t\nYou can change this by logging into the support portal at {$url} and clicking Options / My Profile");
        // Response payload handed to jsone(); the keys look like UI hints for the
        // front end - confirm against the client code.
        $json = [];
        $json['gtitle'] = 'Password Sent';
        $json['gbody'] = 'Your new password has been sent.';
        $json['action'] = 'fade';
        $this->jsone('success', $json);
    }
}

// Request routing: the first matching key wins, checked in this order -
// POST 'email' (login), GET 'signup', POST 'createAccount',
// POST 'sendPassword'; anything else renders the login form.
// $_POST is handed to the handlers whole, so all validation has to happen
// inside them.
// NOTE(review): no CSRF token or rate-limit check is visible at this level -
// confirm the handlers enforce them, especially for sendPassword.
$mod = new login();
if (isset($_POST['email'])) {
    $mod->processLogin($_POST);
} else {
    if (isset($_GET['signup'])) {
        $mod->signup();
    } else {
        if (isset($_POST['createAccount'])) {
            $mod->createAccount($_POST);
        } else {
            if (isset($_POST['sendPassword'])) {
                $mod->sendPassword($_POST);
            } else {
                $mod->loginForm();
            }
        }
    }
}