} } else { if (is_numeric($_POST['accid'])) { $statement = $db->prepare("SELECT * FROM FB WHERE userid=" . $_POST['accid']); } else { $statement = $db->prepare("SELECT * FROM FB WHERE username='******'accid'] . "'"); } if ($statement) { $statement->execute(); $tempData = $statement->fetchAll(); $userOptions = readOptions($tempData[0]['useroptions']); $userOptions = checkUserOptions($userOptions); $userOptions['disableReason'] = $_POST['reason']; $userOptions['userDisabled'] = $userOptions['userDisabled'] == 2 ? 0 : !$userOptions['userDisabled']; $userId = $_POST['accid']; saveUserOptions(); } else { showHTML("User Disabling failed!"); } } header("Location: ./?users"); die; } $statement = $db->prepare("SELECT COUNT(*) FROM FB"); if ($statement) { $statement->execute(); } else { showHTML("Users Retrieval Failed!"); } $numr = $statement->fetchColumn(); if (!$numr) {
function checkLogin($user, $hashed_pass, $uid = 0) { global $dbName, $adminloggedIn, $loggedIn, $cookie, $warn, $step, $failImg, $lang; global $tempData, $userName, $fullname, $password, $userId, $userToken, $pageData, $groupData, $userOptions, $userIds; global $fb, $hardDemo; if ($db = new PDO('sqlite:' . $dbName . '-settings.db')) { //Is admin Login? $statement = $db->prepare("SELECT * FROM Settings"); if ($statement) { $statement->execute(); } else { showHTML("{$failImg} Error while checking login/cookie information. Settings Database opened OK but statement execution failed."); } $tempData = $statement->fetchAll(); if (strcasecmp($user, $tempData[0]['admin']) == 0 && $hashed_pass === md5(decrypt($tempData[0]['adminpass']))) { $adminloggedIn = true; $cookie = base64_encode("{$user}:" . $hashed_pass); setcookie('FBMPGPLogin', $cookie); if (isset($_GET['logs'])) { showLogs(); } elseif (isset($_GET['rg']) && !$hardDemo) { //This refresh is used for Admin Token Install authRedirect(); } elseif (isset($_GET['users'])) { require_once 'includes/showusers.php'; } elseif (isset($_GET['crons'])) { require_once 'includes/showcrons.php'; } elseif (isset($_GET['clogs'])) { if (file_exists($dbName . '-logs.db')) { unlink($dbName . '-logs.db'); } header("Location: ./?logs"); exit; } else { showHTML(include_once 'includes/admin.php', $lang['Admin Panel']); } } } else { showHTML("{$failImg} Failed to open settings database while checking login information. Exiting..."); } if ($db = new PDO('sqlite:' . $dbName . '-users.db')) { $statement = $db->prepare("SELECT COUNT(*) FROM FB WHERE username = \"{$user}\""); if ($statement) { $statement->execute(); } else { showHTML("{$failImg} Error while checking login/cookie information. Users Database opened OK but statement execution failed."); } if ($statement->fetchColumn() > 0) { if ($uid) { $statement = $db->prepare("SELECT * FROM FB WHERE username = \"{$user}\" AND userid = \"{$uid}\""); } else { $statement = $db->prepare("SELECT * FROM FB WHERE username = \"{$user}\""); } if ($statement) { $statement->execute(); } else { showHTML("{$failImg} Users Database query failed while checking login information"); } $tempData = $statement->fetchAll(); if (!$tempData) { $warn = $lang['User does not exist']; showLogin(); } $userName = $tempData[0]['username']; $password = decrypt($tempData[0]['password']); $userToken = $tempData[0]['usertoken']; $fullname = $tempData[0]['fullname']; $pageData = $tempData[0]['pagedata']; $groupData = $tempData[0]['groupdata']; $userId = $tempData[0]['userid']; $userOptions = readOptions($tempData[0]['useroptions']); $userOptions = checkUserOptions($userOptions); $userOptions['lastActive'] = time(); saveUserOptions(); if ($uid) { $statement = $db->prepare("SELECT * FROM FB WHERE username = \"{$user}\""); if ($statement) { $statement->execute(); } else { showHTML("{$failImg} Users Database query failed while checking id information"); } $tempData = $statement->fetchAll(); } foreach ($tempData as $s) { $userIds[$s['fullname']] = $s['userid']; } } } else { showHTML("{$failImg} Failed to open users database while checking login information. Exiting..."); } if (strcasecmp($user, $userName) != 0 || $hashed_pass != md5($password)) { if (isset($_POST['un'])) { $warn = $lang['Incorrect login info']; } showLogin(); } $cookie = base64_encode("{$userName}:" . md5($password)); $loggedIn = true; }