function check_login_member($level_code)
{
// is this user banned?
global $_bans;
if (isset($_bans[_PUNISH_BANUSER_]) && in_array($_SESSION[_LICENSE_KEY_]['user']['user'], $_bans[_PUNISH_BANUSER_])) {
die;
} elseif (isset($_bans[_PUNISH_BANIP_]) && in_array(sprintf('%u', ip2long($_SERVER['REMOTE_ADDR'])), $_bans[_PUNISH_BANIP_])) {
die;
} elseif (isset($_bans[_PUNISH_BANEMAIL_]) && in_array($_SESSION[_LICENSE_KEY_]['user']['email'], $_bans[_PUNISH_BANEMAIL_])) {
die;
}
global $dbtable_prefix;
if (!isset($GLOBALS['_access_level'][$level_code])) {
$GLOBALS['_access_level'][$level_code] = 0;
// no access allowed if level not defined
}
// ask visitors to login if they land on a page that doesn't allow guests
if (!($GLOBALS['_access_level'][$level_code] & 1) && empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
$_SESSION[_LICENSE_KEY_]['user']['timedout'] = array('url' => (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'], 'method' => $_SERVER['REQUEST_METHOD'], 'qs' => $_SERVER['REQUEST_METHOD'] == 'GET' ? $_GET : $_POST);
redirect2page('login.php');
}
// unset($_SESSION[_LICENSE_KEY_]['user']['timedout']);
if (($GLOBALS['_access_level'][$level_code] & $_SESSION[_LICENSE_KEY_]['user']['membership']) != $_SESSION[_LICENSE_KEY_]['user']['membership']) {
redirect2page('info.php', array(), 'type=access');
// no access to this feature
}
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['pstat'] < STAT_APPROVED && empty($GLOBALS['_allow_na'][$level_code])) {
redirect2page('info.php', array(), 'type=profile_na');
// no access to this feature until the profile gets approved
}
$user_id = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
if (USE_DB_SESSIONS == 0) {
$now = gmdate('YmdHis');
$query = "UPDATE `{$dbtable_prefix}online` SET `last_activity`='{$now}' WHERE `fk_user_id`={$user_id} AND `sess`='" . session_id() . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!mysql_affected_rows()) {
$query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`={$user_id},`sess`='" . session_id() . "',`last_activity`='{$now}'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
}
// log and rate limit
$log['level'] = $level_code;
$log['user_id'] = $user_id;
$log['sess'] = session_id();
$log['user'] = $_SESSION[_LICENSE_KEY_]['user']['user'];
$log['membership'] = $_SESSION[_LICENSE_KEY_]['user']['membership'];
$log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
if ($level_code != 'all' && $level_code != 'auth') {
rate_limiter($log);
log_user_action($log);
}
}
static function login_by_id($user_id)
{
global $dbtable_prefix;
EtanoApi::load_common();
if (is_file(_BASEPATH_ . '/events/processors/login.php')) {
include_once _BASEPATH_ . '/events/processors/login.php';
}
require_once _BASEPATH_ . '/skins_site/' . EtanoApi::get_my_skin() . '/lang/login.inc.php';
$score_threshold = 600;
// seconds
$error = false;
$topass = array();
$nextpage = 'login.php';
$qs = '';
$qssep = '';
$log['level'] = 'login';
$log['user_id'] = $user_id;
$log['sess'] = session_id();
// $log['user']=$user;
// $log['membership']=$_SESSION[_LICENSE_KEY_]['user']['membership'];
$log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
log_user_action($log);
rate_limiter($log);
$query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_ID . "`={$user_id}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$user = mysql_fetch_assoc($res);
$user['membership'] = (int) $user['membership'];
$user['user_id'] = (int) $user['user_id'];
if ($user['status'] == ASTAT_ACTIVE) {
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
$user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));
$score = 0;
// it might happen that the user is already logged in. Don't add the login score if that's the case.
$query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!mysql_num_rows($res)) {
$score += add_member_score($user['user_id'], 'login', 1, true);
// just read the value
}
if ($user['last_activity'] < $time - $score_threshold) {
$score += add_member_score($user['user_id'], 'login_bonus', 1, true);
// just read the value
}
if (!empty($score)) {
add_member_score($user['user_id'], 'force', 1, false, $score);
}
$query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (USE_DB_SESSIONS == 1) {
$query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='" . session_id() . "',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
unset($user['last_activity'], $user['email']);
$_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user);
$_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
if (isset($_on_after_login)) {
for ($i = 0; isset($_on_after_login[$i]); ++$i) {
call_user_func($_on_after_login[$i]);
}
}
} elseif ($user['status'] == ASTAT_UNVERIFIED) {
throw new Exception('', ASTAT_UNVERIFIED);
} elseif ($user['status'] == ASTAT_SUSPENDED) {
throw new Exception($GLOBALS['_lang'][71], ASTAT_SUSPENDED);
}
} else {
throw new Exception($GLOBALS['_lang'][72], 0);
}
return true;
}
$topass = array();
$nextpage = 'login.php';
$qs = '';
$qssep = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$user = strtolower(sanitize_and_format_gpc($_POST, 'user', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
$pass = sanitize_and_format_gpc($_POST, 'pass', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (!empty($user) && !empty($pass)) {
$log['level'] = 'login';
$log['user_id'] = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
$log['sess'] = session_id();
$log['user'] = $user;
$log['membership'] = $_SESSION[_LICENSE_KEY_]['user']['membership'];
$log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
log_user_action($log);
rate_limiter($log);
$query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_USER . "`='{$user}' AND a.`" . USER_ACCOUNT_PASS . "`=" . PASSWORD_ENC_FUNC . "('{$pass}')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$user = mysql_fetch_assoc($res);
$user['membership'] = (int) $user['membership'];
$user['user_id'] = (int) $user['user_id'];
if ($user['status'] == ASTAT_ACTIVE) {
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
$user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));
$score = 0;
// it might happen that the user is already logged in. Don't add the login score if that's the case.
$query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
if (!($res = @mysql_query($query))) {