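/**
 * Validate a candidate username, appending a message to $this->errors on failure.
 *
 * Checks, in order:
 *   1. length between 2 and 25 (delegated to chk_length);
 *   2. none of the forbidden characters [ ] " ' ? ( ) < > { } ;
 *   3. not purely numeric and not purely non-alphanumeric;
 *   4. not a reserved name ('guest' / 'admin' or their translated forms);
 *   5. not already taken. The lookup compares both the lower-cased name and
 *      the name with every character outside \w stripped, so "a-b" collides
 *      with an existing "ab" (note: under the 'u' modifier without UCP, \w is
 *      ASCII-only, so non-ASCII letters are stripped as well). Rows whose id
 *      equals $registered_id are ignored so an existing account can keep its
 *      own name when editing the profile.
 *
 * Fixes over the previous version:
 *   - preg_match() returns false (not 0) when PCRE fails, e.g. on malformed
 *     UTF-8 under the 'u' modifier; "!preg_match(...)" treated that failure as
 *     "no forbidden character found" and let the name through. A failed check
 *     now rejects the name.
 *   - $registered_id was tested with "> 0" and then concatenated into the SQL
 *     verbatim; a leading-numeric string such as "5 OR 1=1" passes that test.
 *     It is now cast to int before both the test and the concatenation.
 *
 * @param string   $username      Candidate username, not yet lower-cased.
 * @param int|null $registered_id Id of the account being edited, or null/0
 *                                when registering a new account.
 * @return bool true when the name is acceptable; false otherwise (with an
 *              entry appended to $this->errors).
 */
function chk_username($username, $registered_id = null) {
    global $epsclass, $eps_lang;

    if (!$this->chk_length($username, 2, 25, $eps_lang['Username'])) {
        return false;
    }

    // Anything other than an explicit "0 matches" (including a PCRE failure,
    // which yields false) means the name is not acceptable.
    $forbidden = preg_match('#[\\[\\]\\"\'\\?\\(\\)\\<\\>\\{\\};]#ui', $username);
    if ($forbidden !== 0) {
        $this->errors[] = $eps_lang['Username'] . ': ' . $eps_lang['Validate_invalid_char'];
        return false;
    }

    $degenerate = preg_match('#(^[0-9]+$)|(^[^a-z0-9]+$)#ui', $username);
    if ($degenerate !== 0) {
        $this->errors[] = $eps_lang['Username'] . ': ' . $eps_lang['Validate_invalid'];
        return false;
    }

    $lowered = eps_strtolower($username);

    // Strict comparison: none of these are numeric strings, so there is no
    // reason to let PHP's loose numeric-string coercion take part.
    $reserved = array(
        'guest',
        eps_strtolower($eps_lang['Guest']),
        'admin',
        eps_strtolower($eps_lang['Admin']),
    );
    if (in_array($lowered, $reserved, true)) {
        $this->errors[] = $eps_lang['Validate_username'];
        return false;
    }

    // Collapsed form used for the second half of the duplicate check.
    // preg_replace() returns null on PCRE failure; the 'u' preg_match above
    // would already have rejected such input, but never compare against ''.
    $collapsed = preg_replace('#[^\\w]#u', '', $lowered);
    if ($collapsed === null) {
        $collapsed = $lowered;
    }

    $sql = "SELECT 1 FROM " . TBL_USER
        . " WHERE (LOWER(username)='" . $epsclass->db->escape($lowered)
        . "' OR LOWER(username)='" . $epsclass->db->escape($collapsed) . "')";

    // Cast first so the guard and the SQL agree on the value being spliced in.
    $exclude_id = (int) $registered_id;
    if ($exclude_id > 0) {
        $sql .= ' AND id!=' . $exclude_id;
    }

    $result = $epsclass->db->query($sql)
        or error('Unable to fetch user info', __FILE__, __LINE__, $epsclass->db->error());

    $taken = $epsclass->db->num_rows($result) ? true : false;
    $epsclass->db->free_result($result);

    if ($taken) {
        $this->errors[] = $eps_lang['Username'] . ': ' . $eps_lang['Validate_duplicate'];
        return false;
    }

    return true;
}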
// Clean $username = trim($_POST['req_username']); $password = trim($_POST['req_password']); $auto = isset($_POST['auto']) ? true : false; // Validate $epsclass->validate->chk_empty($username, $eps_lang['Username']); $epsclass->validate->chk_empty($password, $eps_lang['Password']); // Anti-Flood if (!$epsclass->antiflood->verify('login', 2)) { @($confirm_code = trim($_POST['req_confirmcode'])); if ($epsclass->validate->chk_empty($confirm_code, $eps_lang['Confirm_code'])) { $epsclass->validate->chk_match($confirm_code, eps_encrypt($_SESSION['visual'], 6), $eps_lang['Confirm_code']); } } if (empty($epsclass->validate->errors)) { $username_tmp = eps_strtolower($username); //$result = $epsclass->db->query("SELECT id,password,group_id,active FROM ".TBL_USER." WHERE LOWER(username)='".$epsclass->db->escape($username_tmp)."'") or error('Unable to fetch user info', __FILE__, __LINE__, $epsclass->db->error()); $result = $epsclass->db->vselect(TBL_USER, array('id', 'password', 'group_id', 'active'), "WHERE LOWER(username)='" . $epsclass->db->escape($username_tmp) . "'", true); if ($epsclass->db->num_rows($result) == 1) { list($user_id, $db_password, $group_id, $active) = $epsclass->db->fetch_row($result); $epsclass->db->free_result($result); // Check if (!$active && !IS_ADMIN) { $errors[] = $eps_lang['User_inactive']; } else { if ($db_password != eps_hash($password)) { $errors[] = $eps_lang['Password_wrong']; } else { // Set User With Password In Database set_user($user_id, $db_password, $auto); $epsclass->antiflood->update('login', 2);