<?php
// Login handler: runs when both the "u" (username) and "p" (password) POST fields are present.
if (isset($_POST["u"]) && isset($_POST["p"])) {
    // NOTE(review): the credential values appear masked as '******' in this listing, so how
    // $_POST["u"] / $_POST["p"] reach the query cannot be checked from here. Confirm they are
    // bound as prepared-statement parameters, and that the password is verified with
    // password_verify() against a stored hash rather than matched in the WHERE clause.
    $q = "SELECT * FROM users WHERE username='******' AND password='******'";
    // '@' suppresses PHP warnings from the call; only a non-FALSE result enters the block.
    if (($r = @$m->query($q)) !== FALSE) {
        $row = @$r->fetch_object();
        $r->close();
        if ($row !== NULL) {
            // NOTE(review): no session_regenerate_id() call is visible before the session is
            // marked authenticated - confirm the session ID is rotated at login, otherwise a
            // pre-login session ID stays valid after authentication (session fixation).
            $_SESSION["loggedin"] = TRUE;
            // Stores the whole row returned by SELECT *, which includes the users.password
            // column, in the session. Keeping only the fields the application needs would
            // keep the credential out of session storage.
            $_SESSION["u"] = $row;
            // Record the login time. The result of this UPDATE is not checked.
            $q = "UPDATE users SET dt_lastlogin=NOW() WHERE id='" . $m->escape_string($row->id) . "'";
            @$m->query($q);
            // Helper defined outside this excerpt; its return value is ignored here.
            // The commented-out block below is the older inline code that filled
            // $_SESSION["groups"] - presumably what the helper replaced; verify.
            user_set_session_groups($row->id);
            /*
            $_SESSION["groups"] = array();
            $q = "SELECT groups.*, group_admin FROM group_members LEFT JOIN groups ON group_id=groups.id WHERE user_id='". $m->escape_string($row->id) ."' ORDER BY groupname";
            if(($r = @$m->query($q)) !== FALSE) {
                while($row = $r->fetch_object())
                    $_SESSION["groups"][$row->id] = array("group" => $row->groupname, "admin" => $row->group_admin, "dt_created" => $row->dt_created, "invite_code" => $row->invite_code);
                $r->close();
            } else
                log_event("Login groups database error: $m->error. SQL: $q");
            */
            // Extract saved session cache, used for storing number of cracked hashes
            // for jobs for example
            $q = "SELECT * FROM sessioncache WHERE user_id='" . $m->escape_string($_SESSION["u"]->id) . "'";
            if (($r = @$m->query($q)) !== FALSE) {
                if ($r->num_rows == 0) {
                    // No cache row exists for this user yet: seed one with a serialized empty array.
                    // NOTE(review): the column holds PHP serialize() output. If the reading side
                    // (not shown) calls unserialize() on it, confirm nothing user-influenced can be
                    // written to this column, or store JSON instead so that no objects can be
                    // instantiated on load.
                    $q = "INSERT INTO sessioncache SET user_id='" . $m->escape_string($_SESSION["u"]->id) . "', session='" . $m->escape_string(serialize(array())) . "'";
                    @$m->query($q);
                    // (The listing is cut off here; the enclosing blocks close outside this excerpt.)
// NOTE(review): this excerpt begins inside a do { ... } while (0) block whose opening is not
// shown; each `break` below leaves that block early. No CSRF token check is visible in this
// fragment - confirm one is enforced before this state-changing request is handled.
    // Requires the group name in POST "g" and an "id" query parameter ("id" is not used again
    // in the visible code).
    if (!isset($_POST["g"]) || !isset($_GET["id"])) {
        break;
    }
    // Reject the request if a group with this name already exists.
    // NOTE(review): the result is not compared with FALSE here (unlike the INSERT below), so a
    // failed query reaches ->num_rows / ->close() on a non-object. Check-then-insert is also
    // racy unless groupname carries a UNIQUE index - confirm against the schema.
    $q = "SELECT id FROM groups WHERE groupname='" . $m->escape_string($_POST["g"]) . "'";
    $r = @$m->query($q);
    if ($r->num_rows != 0) {
        // NOTE(review): raw $_POST["g"] is embedded in $page_error; it must be HTML-escaped
        // (htmlspecialchars) wherever the message is rendered, which is outside this excerpt.
        $page_error = "You're out of luck. Somebody else already created a group called '" . $_POST["g"] . "'. Try something different!";
        $r->close();
        break;
    }
    $r->close();
    // Create group
    // NOTE(review): the invite code is an MD5 over the group name, a timestamp and mt_rand().
    // None of these is a cryptographically secure source, so the value is guessable by anyone
    // who knows the name and the approximate creation time. If the code gates group membership,
    // derive it from random_bytes() (e.g. bin2hex(random_bytes(16))) instead. Also, in date()
    // "S" is the day-of-month ordinal suffix, not seconds ("s"), so the timestamp has only
    // minute resolution.
    $invite_code = md5(md5($_POST["g"]) . date("YmdHiS") . (string) mt_rand());
    $q = "INSERT INTO groups SET groupname='" . $m->escape_string($_POST["g"]) . "', invite_code='" . $m->escape_string($invite_code) . "'";
    if (@$m->query($q) === FALSE) {
        $page_error = "Sorry, an internal database error occured. Your group was NOT created. Wait a while and try again.";
        break;
    }
    $group_id = $m->insert_id;
    // Add membership to the new group
    // The creator is inserted with group_admin=1. The result is not checked, so a failure here
    // leaves a group without an admin member.
    $q = "INSERT INTO group_members SET group_id='" . $m->escape_string($group_id) . "', user_id='" . $m->escape_string($_SESSION["u"]->id) . "', group_admin=1";
    @$m->query($q);
    // Recalculate group memberships
    if (user_set_session_groups($_SESSION["u"]->id) === FALSE) {
        log_event("Failed to recalculate groups");
        break;
    }
    // NOTE(review): the raw group name is stored in the session message and written to the log.
    // Escape it for HTML where $_SESSION["info"] is displayed, and strip CR/LF and other control
    // characters before logging so that a crafted name cannot forge log entries (the display
    // code and log_event() are not visible here).
    $_SESSION["info"] = "Created a group called '" . $_POST["g"] . "'. Consider inviting other users to it!";
    log_event("User " . $_SESSION["u"]->username . " created a group called " . $_POST["g"]);
    // NOTE(review): no exit follows the redirect inside this block, so execution continues
    // after the loop - confirm nothing later emits output or acts on the request.
    header("Location: {$root_url}" . "groups");
} while (0);