// Fragment of a login handler. The conditions that open this if/elseif chain and the two
// enclosing blocks are outside the visible code, and the trailing `else {` is closed elsewhere.
// Visible branches: report a bad username, report a bad password, or complete the login.
            // Presumably the "username not found" branch (inferred from the message key only).
            // NOTE(review): this branch and the next one show different messages, so a client can
            // tell whether a username exists; one generic failure message avoids that.
            $logintpl->set("FALSE_PASSWORD", false, true);
            $logintpl->set("login_username_incorrect", $language["ERR_USERNAME_INCORRECT"]);
            login();
        // Password check. Both sides get the same md5($random . X . $random) wrapper, so the test
        // effectively compares the stored $row["password"] with md5($pwd): the stored credential
        // is a plain MD5 of the password and the `random` column adds nothing to this comparison.
        // NOTE(review): MD5 is too fast for password storage; password_hash()/password_verify()
        // with a rehash-on-login migration is the usual replacement.
        // NOTE(review): `!=` is a loose comparison. PHP compares two numeric-looking strings
        // (for example digests of the form 0e<digits>) as numbers, so different digests can
        // compare equal; hash_equals() gives an exact, constant-time string comparison.
        } elseif (md5($row["random"] . $row["password"] . $row["random"]) != md5($row["random"] . md5($pwd) . $row["random"])) {
            $logintpl->set("FALSE_USER", false, true);
            $logintpl->set("FALSE_PASSWORD", true, true);
            $logintpl->set("login_password_incorrect", $language["ERR_PASSWORD_INCORRECT"]);
            login();
        } else {
            // Successful login. The second argument is derived only from the `random` and
            // `password` columns of the user row.
            // NOTE(review): if logincookie() stores this value client-side (not visible here), the
            // cookie stays valid until one of those columns changes and can be recomputed by anyone
            // with read access to the table — confirm how it is validated and rotated.
            logincookie($row["id"], md5($row["random"] . $row["password"] . $row["random"]));
            // Forum bridge: when the SMF hash already matches, only the SMF cookie is set.
            // $smf_pass is computed outside the visible code.
            if ($FORUMLINK == "smf" && $smf_pass == $row["passwd"]) {
                set_smf_cookie($row["smf_fid"], $row["passwd"], $row["passwordSalt"]);
            // Otherwise, when the SMF row still holds the tracker's hash, it is rewritten with
            // $smf_pass and a fresh salt.
            } elseif ($FORUMLINK == "smf" && $row["password"] == $row["passwd"]) {
                // NOTE(review): rand() is not a cryptographic generator and 4 hex characters carry
                // only 16 bits; random_bytes()/bin2hex() is the safe source if this salt protects
                // anything.
                $salt = substr(md5(rand()), 0, 4);
                // NOTE(review): the statement is built by string interpolation and `@` hides any
                // failure, so a failed update goes unnoticed while the cookie below is still set.
                // The values come from the DB row and local computation as far as this fragment
                // shows; a prepared statement removes the dependency on that assumption. The
                // mysql_* API was removed in PHP 7.
                @mysql_query("UPDATE {$db_prefix}members SET passwd='{$smf_pass}', passwordSalt='{$salt}' WHERE ID_MEMBER=" . $row["smf_fid"]);
                set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
            }
            // NOTE(review): `returnto` is taken from the request and passed to redirect() with no
            // visible validation, which makes this an open redirect unless redirect() restricts the
            // target (confirm). Accepting only same-site relative paths closes it.
            // $_GET values are already URL-decoded by PHP, so urldecode() here decodes a second
            // time; any filter applied upstream sees a different string than the one used.
            if (isset($_GET["returnto"])) {
                $url = urldecode($_GET["returnto"]);
            } else {
                $url = "index.php";
            }
            redirect($url);
            die;
        }
    } else {
        // Fallback for the enclosing condition (not visible): no error flag is set and the login
        // form is shown again.
        $logintpl->set("FALSE_USER", false, true);
        $logintpl->set("FALSE_PASSWORD", false, true);
        login();
    }
} else {
// Fragment of the post-authentication step: reset cookies, issue the tracker login cookie, then
// bring the bridged forum account (SMF or IPB, selected by $FORUMLINK) in line with it.
// The IPB branch continues past the end of the visible code.
// call the logoutcookie function for good measure, just in case we have some old cookies that need destroying.
logoutcookie();
// Then login
logincookie($row, $user);
// SMF hash already matches: only the salt column is replaced while `passwd` is left as is, so
// this salt cannot be an input to the stored hash; presumably it only feeds the cookie built by
// set_smf_cookie() — confirm.
// NOTE(review): `==` on hash strings is a loose comparison (numeric-looking strings are compared
// as numbers); hash_equals() is the exact, constant-time form.
if (substr($FORUMLINK, 0, 3) == "smf" && $smf_pass == $row["passwd"]) {
    // NOTE(review): rand() is not a cryptographic generator and the result is cut to 16 bits;
    // random_bytes()/bin2hex() is the safe source for a value that ends up in an auth cookie.
    $new_smf_salt = substr(md5(rand()), 0, 4);
    // Column names differ between the "smf" layout and the other smf* layout, hence the ternaries.
    // NOTE(review): the query is assembled by concatenation and $row["smf_fid"] is appended
    // unquoted; it comes from the DB row here, but a prepared statement would not rely on that.
    do_sqlquery("UPDATE `{$db_prefix}members` SET " . ($FORUMLINK == "smf" ? "`passwordSalt`" : "`password_salt`") . "='" . $new_smf_salt . "' WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $row["smf_fid"], true);
    set_smf_cookie($row["smf_fid"], $row["passwd"], $new_smf_salt);
// SMF row still holds the tracker's own hash (and pass_type is 1): rewrite it with $smf_pass
// and a new salt. $smf_pass is computed outside the visible code.
} elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["pass_type"] == 1 && $row["password"] == $row["passwd"]) {
    $salt = substr(md5(rand()), 0, 4);
    // NOTE(review): unlike the call above, no second argument is passed to do_sqlquery();
    // check whether that changes error handling for this update.
    do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$smf_pass}', " . ($FORUMLINK == "smf" ? "`passwordSalt`='{$salt}' WHERE `ID_MEMBER`" : "`password_salt`='{$salt}' WHERE `id_member`") . "=" . $row["smf_fid"]);
    set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
// SMF row holds an all-'f' placeholder instead of a hash: generate a real hash/salt pair from
// the submitted credentials and store it.
// NOTE(review): presumably the placeholder marks accounts whose forum hash was never set;
// confirm that no forum code path accepts the placeholder itself as a valid credential.
} elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["passwd"] == "ffffffffffffffffffffffffffffffffffffffff") {
    $fix_pass = smf_passgen($user, $pwd);
    do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='" . $fix_pass[0] . "', " . ($FORUMLINK == "smf" ? "`passwordSalt`='" . $fix_pass[1] . "' WHERE `ID_MEMBER`" : "`password_salt`='" . $fix_pass[1] . "' WHERE `id_member`") . "=" . $row["smf_fid"]);
    set_smf_cookie($row["smf_fid"], $fix_pass[0], $fix_pass[1]);
} elseif ($FORUMLINK == "ipb") {
    // IPB row holds an all-'f' placeholder: bootstrap the IPB framework so the account can be
    // handled through it (the rest of this branch is not visible).
    if ($row["members_pass_hash"] == "ffffffffffffffffffffffffffffffff") {
        if (!defined('IPS_ENFORCE_ACCESS')) {
            define('IPS_ENFORCE_ACCESS', true);
        }
        if (!defined('IPB_THIS_SCRIPT')) {
            define('IPB_THIS_SCRIPT', 'public');
        }
        // NOTE(review): $THIS_BASEPATH is used as an include prefix. Where it is set is not
        // visible; it must never be populated from request data (register_globals, extract(),
        // import of $_REQUEST), otherwise the require below loads an attacker-chosen file.
        if (!isset($THIS_BASEPATH) || empty($THIS_BASEPATH)) {
            $THIS_BASEPATH = dirname(__FILE__);
        }
        require_once $THIS_BASEPATH . '/ipb/initdata.php';
        require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
        require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
        $registry = ipsRegistry::instance();
// Fragment of a Facebook login path: the local account is selected by e-mail address alone and a
// session is issued without a local password. The block enclosing this code opens outside the
// visible fragment (see the final closing brace).
    // NOTE(review): $user is built outside the visible code, presumably from the provider's
    // profile response. Everything below trusts $user->email as proof of identity, so it has to
    // come from a server-side validated token and be an address the provider has verified — confirm.
    $email = mysqli_real_escape_string($DBDT, $user->email);
    // The pattern is applied to the already-escaped value and admits only letters, digits and
    // `_ + - . @`, so a value that passes contains no quote or backslash.
    $regex = "/^[_+a-z0-9-]+(\\.[_+a-z0-9-]+)*" . "@[a-z0-9-]+(\\.[a-z0-9-]{1,})*" . "\\.([a-z]{2,}){1}\$/i";
    if (!preg_match($regex, $email)) {
        stderr($language["SORRY"], "E-mail is not valid");
        exit;
    }
    // Staff lockout: accounts whose level has admin_access = "yes" are refused on this path.
    // NOTE(review): the check runs only when the `fbadmin` setting is truthy; with the setting
    // off, privileged accounts can be entered through e-mail matching alone. Consider enforcing
    // it unconditionally or requiring a second factor for those accounts.
    if ($btit_settings["fbadmin"]) {
        // NOTE(review): injection is held off by the escape + whitelist above; a prepared
        // statement would make the query safe independently of both.
        $res2 = do_sqlquery("SELECT `ul`.`admin_access` FROM `{$TABLE_PREFIX}users` `u` INNER JOIN `{$TABLE_PREFIX}users_level` `ul` ON `u`.`id_level`=`ul`.`id` WHERE `u`.`email` ='" . $email . "'", true);
        // Only the first matching row is inspected; $row2 is not an array when nothing matches.
        $row2 = mysqli_fetch_assoc($res2);
        if ($row2["admin_access"] == "yes") {
            stderr($language["SORRY"], "I'm sorry Staff are not allowed to log in this way");
            exit;
        }
    }
    // Load the tracker user plus, depending on $FORUMLINK, the bridged SMF or IPB member columns.
    // NOTE(review): only the first row is used below; assumes `email` is unique per user —
    // verify against the schema.
    $res = do_sqlquery("SELECT `u`.`salt`, `u`.`pass_type`, `u`.`username`, `u`.`id`, `u`.`random`, `u`.`password`" . (substr($FORUMLINK, 0, 3) == "smf" ? ", `u`.`smf_fid`, `s`.`passwd`" : ($FORUMLINK == "ipb" ? ", `u`.`ipb_fid`, `i`.`members_pass_hash`, `i`.`members_pass_salt`, `i`.`name`, `i`.`member_group_id`" : "")) . " FROM `{$TABLE_PREFIX}users` `u` " . (substr($FORUMLINK, 0, 3) == "smf" ? "LEFT JOIN `{$db_prefix}members` `s` ON `u`.`smf_fid`=`s`." . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "" : ($FORUMLINK == "ipb" ? "LEFT JOIN `{$ipb_prefix}members` `i` ON `u`.`ipb_fid`=`i`.`member_id`" : "")) . " WHERE `u`.`email` ='" . $email . "'", true);
    $row = mysqli_fetch_assoc($res);
    if (!$row) {
        stderr($language["SORRY"], "You can not log in, your e-mail used with Facebook does not correspond with the e-mail you used here");
        exit;
    } else {
        // Drop any existing cookies, then issue the tracker session for the matched account.
        logoutcookie();
        logincookie($row, $row["username"]);
        // NOTE(review): the SELECT above does not return `emailAddress` or `passwordSalt` for
        // the SMF case (only `smf_fid` and `passwd`), so $row["emailAddress"] is unset, this
        // condition cannot hold for a validated address, and the SMF cookie is never set here.
        if (substr($FORUMLINK, 0, 3) == "smf" && $email == $row["emailAddress"]) {
            set_smf_cookie($row["smf_fid"], $row["passwd"], $row["passwordSalt"]);
        } elseif ($FORUMLINK == "ipb") {
            set_ipb_cookie($row["ipb_fid"], $row["name"], $row["member_group_id"]);
        }
        // NOTE(review): $url is assigned outside the visible code; confirm it is not taken
        // unvalidated from the request, or the login ends in an open redirect.
        redirect($url);
        die;
    }
}