$tpl->out(1); } $tpl->set_ar_out($row, 2); profilefields_change($_SESSION['authid']); $tpl->out(3); } else { $tpl = new tpl('user/login.htm'); $tpl->set_out('WDLINK', 'index.php', 0); } } elseif ($csrfCheck) { # submit # change poassword if (!empty($_POST['np1']) and !empty($_POST['np2']) and !empty($_POST['op'])) { if ($_POST['np1'] == $_POST['np2']) { $akpw = db_result(db_query("SELECT pass FROM prefix_user WHERE id = " . $_SESSION['authid']), 0); if (user_pw_check($_POST['op'], $akpw)) { $newpw = user_pw_crypt($_POST['np1']); db_query("UPDATE prefix_user SET pass = '******' WHERE id = " . $_SESSION['authid']); user_set_cookie($_SESSION['authid'], $newpw); $fmsg = $lang['passwortchanged']; } else { $fmsg = $lang['passwortwrong']; } } else { $fmsg = $lang['passwortnotequal']; } } # avatar speichern START $avatar_sql_update = ''; if (!empty($_FILES['avatarfile']['name']) and $allgAr['forum_avatar_upload']) { $file_tmpe = $_FILES['avatarfile']['tmp_name'];
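/**
 * Authenticate a visitor from the login form fields in $_POST.
 *
 * Requires 'user_login_sub', 'name' and 'pass'. On success the auth* session
 * keys are filled from the matching prefix_user row, the visitor's
 * prefix_online row is tied to the user id, the login cookie is set and
 * groups/modules are loaded. When the form was submitted but no login
 * happened, the menu is pointed at user/login.
 *
 * @return bool true when name and password matched exactly one user, false otherwise.
 */
function user_login_check()
{
    if (!isset($_POST['user_login_sub'], $_POST['name'], $_POST['pass'])) {
        return false;
    }

    // Request fields can arrive as arrays (name[]=...). Reject them up front so
    // strlen() and the password check below only ever see strings.
    if (!is_string($_POST['name']) || !is_string($_POST['pass'])) {
        return false;
    }

    debug('posts vorhanden');

    $name = escape_nickname($_POST['name']);
    // The name is accepted only if escaping left it untouched. The comparison is
    // strict so numeric-looking strings ("1e1" vs "10") cannot compare equal by
    // type juggling. Assumes escape_nickname() returns a string - TODO confirm.
    if ($name !== $_POST['name'] or strlen($_POST['name']) > 15) {
        return false;
    }

    // NOTE(review): this query is built by concatenation and relies entirely on
    // escape_nickname() plus the equality check above to keep $name free of SQL
    // metacharacters - confirm that helper rejects quotes and backslashes.
    $erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE name = BINARY '" . $name . "'");

    if (db_num_rows($erg) == 1) {
        debug('user gefunden');
        $row = db_fetch_assoc($erg);

        if (user_pw_check($_POST['pass'], $row['pass'], $row['id'])) {
            debug('passwort stimmt ... ' . $row['name']);

            // NOTE(review): the session id is not regenerated on successful login.
            // prefix_online is keyed by sid, so adding session_regenerate_id()
            // would also require updating that row - confirm and plan together.
            $_SESSION['authname'] = $row['name'];
            $_SESSION['authid'] = $row['id'];
            $_SESSION['authright'] = $row['recht'];
            $_SESSION['lastlogin'] = $row['llogin'];
            $_SESSION['authsess'] = session_und_cookie_name();

            // The id is cast so only an integer can reach the statement.
            // NOTE(review): session_id() is interpolated without escaping here;
            // confirm the session handler restricts the id's character set.
            db_query("UPDATE prefix_online SET uid = " . (int) $row['id'] . " WHERE sid = '" . session_id() . "'");

            // NOTE(review): the stored password hash is passed to user_set_cookie();
            // what ends up in the cookie is not visible here - confirm the hash
            // itself is never sent to the client.
            user_set_cookie($row['id'], $row['pass']);
            user_set_grps_and_modules();

            return true;
        }
    }

    // Form was submitted but login failed: send the visitor back to user/login.
    global $menu;
    $menu->set_url(0, 'user');
    $menu->set_url(1, 'login');

    return false;
}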