} else { $md5_password = md5($password); $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password); } if (preg_match("%^[A-Za-z][A-Za-z0-9]*_?[A-Za-z0-9]*\$%i", $email)) { $where = "m.username = '******'"; } else { $where = "m.email = '{$email}'"; } $query = $db->query("SELECT m.uid AS nw_uid, m.username AS nw_user, m.nickname AS nw_nick,m.password AS nw_pw,\r\n\t\t\t\t\tm.adminid, m.groupid, m.lastvisit\r\n\t\t\t\t\tFROM {$tablepre}members m\r\n\t\t\t\t\tWHERE {$where}"); $member = $db->fetch_array($query); if ($member['nw_uid'] && $member['nw_pw'] == $md5_password) { extract($member); $nw_userss = $nw_user; $nw_user = addslashes($nw_user); $nw_nick = addslashes($nw_nick); $styleid = 1; $cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] : ($_DCOOKIE['cookietime'] ? $_DCOOKIE['cookietime'] : 0)); GlobalCore::chobits_setcookie('cookietime', $cookietime, 31536000); GlobalCore::chobits_setcookie('auth', GlobalCore::authcode("{$nw_pw}\t{$nw_uid}", 'ENCODE'), $cookietime); $sessionexists = 0; GlobalCore::showmessage('login_succeed', NWDIR, 'DONE'); } $errorlog = GlobalCore::nwHtmlspecialchars($timestamp . "\t" . ($member['nw_user'] ? $member['nw_user'] : stripslashes($username)) . "\t" . $password . "\t" . $onlineip); GlobalCore::writelog('illegallog', $errorlog); GlobalCore::loginfailed($loginperm); GlobalCore::showmessage('login_invalid', NWDIR . '/login', 'HALTED'); } } else { GlobalCore::showmessage('undefined_action'); }
public static function nwReferer($default = '') { global $referer; $indexname = '/'; $default = empty($default) ? $indexname : ''; if (isset($_GET['nwReferer']) && !empty($_GET['nwReferer'])) { $referer = $_GET['nwReferer']; } elseif (isset($_POST['nwReferer']) && !empty($_POST['nwReferer'])) { $referer = $_POST['nwReferer']; } if (empty($referer) && isset($GLOBALS['_SERVER']['HTTP_REFERER'])) { $referer = $GLOBALS['_SERVER']['HTTP_REFERER']; $referer = substr($referer, -1) == '?' ? substr($referer, 0, -1) : $referer; } else { $referer = GlobalCore::nwHtmlspecialchars($referer); } //if(!preg_match("/(\.php|[a-z]+(\-\d+)+\.html)/", $referer) || strpos($referer, 'logging.php')) { if (strpos($referer, 'login')) { $referer = $default; } return $referer; }
public static function UpdateSettings() { global $db, $nw_uid, $nw_pw, $tablepre, $timestamp, $adminid, $basic_settings, $webservice_settings, $password_old, $password_new, $password_new2; $define_settings = self::FetchDefineSettings(); foreach ($define_settings as $key) { $val = GlobalCore::chobits_addslashes(trim($_POST[$key])); $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('{$key}', '{$val}')"); } if ($_POST['nickname']) { $nickname = GlobalCore::chobits_addslashes(GlobalCore::cutstr(GlobalCore::nwHtmlspecialchars($_POST['nickname']), 25, '')); $avatar = GlobalCore::chobits_addslashes(GlobalCore::nwHtmlspecialchars($_POST['avatar'])); $db->query("UPDATE {$tablepre}members SET nickname='{$nickname}',avatar='{$avatar}' WHERE uid = '{$nw_uid}'"); $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('avatar', '{$avatar}')"); } if ($_POST['password_new']) { if (md5($password_old) != $nw_pw) { GlobalCore::showmessage('profile_passwd_wrong', NULL, 'HALTED'); } if ($password_new) { if ($password_new != addslashes($password_new)) { GlobalCore::showmessage('profile_passwd_illegal'); } elseif ($password_new != $password_new2) { GlobalCore::showmessage('profile_passwd_notmatch'); } $newpasswd = md5($password_new); $db->query("UPDATE {$tablepre}members SET password ='******' WHERE uid = '{$nw_uid}'"); GlobalCore::showmessage('password_set_succeed', NWDIR . '/login', 'DONE'); } } self::UpdateSettingsCache(); GlobalCore::nwHeader('Location: ' . NWDIR . '/settings'); }