$tpl->out(1);
}
$tpl->set_ar_out($row, 2);
profilefields_change($_SESSION['authid']);
$tpl->out(3);
} else {
$tpl = new tpl('user/login.htm');
$tpl->set_out('WDLINK', 'index.php', 0);
}
} elseif ($csrfCheck) {
# submit
# change poassword
if (!empty($_POST['np1']) and !empty($_POST['np2']) and !empty($_POST['op'])) {
if ($_POST['np1'] == $_POST['np2']) {
$akpw = db_result(db_query("SELECT pass FROM prefix_user WHERE id = " . $_SESSION['authid']), 0);
if (user_pw_check($_POST['op'], $akpw)) {
$newpw = user_pw_crypt($_POST['np1']);
db_query("UPDATE prefix_user SET pass = '******' WHERE id = " . $_SESSION['authid']);
user_set_cookie($_SESSION['authid'], $newpw);
$fmsg = $lang['passwortchanged'];
} else {
$fmsg = $lang['passwortwrong'];
}
} else {
$fmsg = $lang['passwortnotequal'];
}
}
# avatar speichern START
$avatar_sql_update = '';
if (!empty($_FILES['avatarfile']['name']) and $allgAr['forum_avatar_upload']) {
$file_tmpe = $_FILES['avatarfile']['tmp_name'];
function user_login_check()
{
if (isset($_POST['user_login_sub']) and isset($_POST['name']) and isset($_POST['pass'])) {
debug('posts vorhanden');
$name = escape_nickname($_POST['name']);
if ($name != $_POST['name'] or strlen($_POST['name']) > 15) {
return false;
}
$erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE name = BINARY '" . $name . "'");
if (db_num_rows($erg) == 1) {
debug('user gefunden');
$row = db_fetch_assoc($erg);
if (user_pw_check($_POST['pass'], $row['pass'], $row['id'])) {
debug('passwort stimmt ... ' . $row['name']);
$_SESSION['authname'] = $row['name'];
$_SESSION['authid'] = $row['id'];
$_SESSION['authright'] = $row['recht'];
$_SESSION['lastlogin'] = $row['llogin'];
$_SESSION['authsess'] = session_und_cookie_name();
db_query("UPDATE prefix_online SET uid = " . $_SESSION['authid'] . " WHERE sid = '" . session_id() . "'");
user_set_cookie($row['id'], $row['pass']);
user_set_grps_and_modules();
return true;
}
}
global $menu;
$menu->set_url(0, 'user');
$menu->set_url(1, 'login');
}
return false;
}
