Exemplo n.º 1
            $logintpl->set("FALSE_PASSWORD", false, true);
            $logintpl->set("login_username_incorrect", $language["ERR_USERNAME_INCORRECT"]);
            login();
        } elseif (md5($row["random"] . $row["password"] . $row["random"]) != md5($row["random"] . md5($pwd) . $row["random"])) {
            $logintpl->set("FALSE_USER", false, true);
            $logintpl->set("FALSE_PASSWORD", true, true);
            $logintpl->set("login_password_incorrect", $language["ERR_PASSWORD_INCORRECT"]);
            login();
        } else {
            // Password accepted: issue the tracker login cookie. The token passed here is
            // md5(random . password . random), the same value the password check above computes.
            // NOTE(review): that check compares the stored value with md5($pwd), so the stored
            // password appears to be an unsalted MD5 digest, and it compares hex digests with
            // loose `!=`. password_hash()/password_verify(), or at least a strict constant-time
            // comparison, are the safer forms.
            // NOTE(review): the token is derived only from stored columns, so it stays valid
            // until `random` or `password` changes. What logincookie() does with it is not
            // visible here; confirm `random` is rotated on login/logout.
            logincookie($row["id"], md5($row["random"] . $row["password"] . $row["random"]));
            // Keep the linked SMF forum account signed in as well.
            if ($FORUMLINK == "smf" && $smf_pass == $row["passwd"]) {
                // Forum hash already equals $smf_pass: reuse the stored hash and salt for the forum cookie.
                set_smf_cookie($row["smf_fid"], $row["passwd"], $row["passwordSalt"]);
            } elseif ($FORUMLINK == "smf" && $row["password"] == $row["passwd"]) {
                // Forum row still holds the tracker's password value: store $smf_pass with a new salt.
                // NOTE(review): rand() is not a cryptographic generator and only 4 hex characters
                // are kept; prefer a CSPRNG-backed salt where the runtime offers one.
                $salt = substr(md5(rand()), 0, 4);
                // NOTE(review): the statement is built by string interpolation and failures are
                // hidden by @. $smf_pass is defined outside this fragment; confirm it is a
                // fixed-format digest, cast smf_fid to int, or move to a prepared statement.
                // The mysql_* extension used here was removed in PHP 7.
                @mysql_query("UPDATE {$db_prefix}members SET passwd='{$smf_pass}', passwordSalt='{$salt}' WHERE ID_MEMBER=" . $row["smf_fid"]);
                set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
            }
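            // Choose the post-login destination. `returnto` comes straight from the query
            // string, so it is honoured only when it is a site-relative target; anything that
            // could send the browser to another origin falls back to the default page
            // (open-redirect hardening).
            $url = "index.php";
            if (isset($_GET["returnto"]) && is_string($_GET["returnto"])) {
                // Validate the decoded form, because that is the value handed to redirect().
                $candidate = urldecode($_GET["returnto"]);
                // A leading "scheme:" (http:, javascript:, ...) makes the target absolute.
                $hasScheme = preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate) === 1;
                // "//host/path" is protocol-relative and also leaves the site.
                $hasAuthority = strncmp($candidate, "//", 2) === 0;
                // Backslashes can be treated as slashes by browsers; control characters and
                // leading whitespace enable header splitting or prefix-stripping tricks.
                $hasUnsafeChars = strpos($candidate, "\\") !== false
                    || preg_match('/^\s|[\x00-\x1f\x7f]/', $candidate) === 1;
                if ($candidate !== "" && !$hasScheme && !$hasAuthority && !$hasUnsafeChars) {
                    $url = $candidate;
                }
                // NOTE(review): if callers legitimately pass absolute same-site URLs, compare
                // them against the configured site base URL instead of accepting any host.
            }
            redirect($url);
            die;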
        }
    } else {
        $logintpl->set("FALSE_USER", false, true);
        $logintpl->set("FALSE_PASSWORD", false, true);
        login();
    }
} else {
Exemplo n.º 2
 // Clear any cookies left over from an earlier session before issuing new ones.
 logoutcookie();
 // Then issue the login cookie for the user row that was just authenticated.
 // NOTE(review): what logincookie() stores is not visible in this fragment; confirm a fresh
 // token is issued at login rather than a value that stays constant across sessions.
 logincookie($row, $user);
 if (substr($FORUMLINK, 0, 3) == "smf" && $smf_pass == $row["passwd"]) {
     // Forum hash already matches: keep `passwd`, rotate only the forum salt, then set the forum cookie.
     // NOTE(review): rand() is not a cryptographic generator and only 4 hex characters are kept;
     // prefer a CSPRNG-backed value where the runtime offers one.
     $new_smf_salt = substr(md5(rand()), 0, 4);
     // Column names differ between the "smf" setting and the other smf* variants.
     // NOTE(review): the statement is assembled by concatenation and smf_fid is appended
     // unquoted; cast it to int or use a prepared statement. The meaning of the second
     // do_sqlquery() argument is not visible here.
     do_sqlquery("UPDATE `{$db_prefix}members` SET " . ($FORUMLINK == "smf" ? "`passwordSalt`" : "`password_salt`") . "='" . $new_smf_salt . "' WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $row["smf_fid"], true);
     set_smf_cookie($row["smf_fid"], $row["passwd"], $new_smf_salt);
 } elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["pass_type"] == 1 && $row["password"] == $row["passwd"]) {
     // Forum row still holds the tracker's password value: store $smf_pass with a new salt.
     // NOTE(review): rand() is not a cryptographic generator and only 4 hex characters are kept.
     $salt = substr(md5(rand()), 0, 4);
     // NOTE(review): $smf_pass is defined outside this fragment and is interpolated into the
     // statement; confirm it is a fixed-format digest. smf_fid is appended unquoted; cast it
     // to int or use a prepared statement.
     do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$smf_pass}', " . ($FORUMLINK == "smf" ? "`passwordSalt`='{$salt}' WHERE `ID_MEMBER`" : "`password_salt`='{$salt}' WHERE `id_member`") . "=" . $row["smf_fid"]);
     set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
 } elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["passwd"] == "ffffffffffffffffffffffffffffffffffffffff") {
     // Forum hash is the all-"f" placeholder: generate real forum credentials from the
     // submitted username and password. Element 0 is written to `passwd`, element 1 to the salt column.
     $fix_pass = smf_passgen($user, $pwd);
     // NOTE(review): both generated values and smf_fid are concatenated into the statement.
     // smf_passgen() is not visible here; confirm its output is a fixed-format digest and
     // salt, cast smf_fid to int, or use a prepared statement.
     do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='" . $fix_pass[0] . "', " . ($FORUMLINK == "smf" ? "`passwordSalt`='" . $fix_pass[1] . "' WHERE `ID_MEMBER`" : "`password_salt`='" . $fix_pass[1] . "' WHERE `id_member`") . "=" . $row["smf_fid"]);
     set_smf_cookie($row["smf_fid"], $fix_pass[0], $fix_pass[1]);
 } elseif ($FORUMLINK == "ipb") {
     if ($row["members_pass_hash"] == "ffffffffffffffffffffffffffffffff") {
         if (!defined('IPS_ENFORCE_ACCESS')) {
             define('IPS_ENFORCE_ACCESS', true);
         }
         if (!defined('IPB_THIS_SCRIPT')) {
             define('IPB_THIS_SCRIPT', 'public');
         }
         if (!isset($THIS_BASEPATH) || empty($THIS_BASEPATH)) {
             $THIS_BASEPATH = dirname(__FILE__);
         }
         require_once $THIS_BASEPATH . '/ipb/initdata.php';
         require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
         require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
         $registry = ipsRegistry::instance();
Exemplo n.º 3
    // Escape the e-mail for SQL use, then validate the escaped string against an allow-list pattern.
    // $user is defined outside this fragment; presumably the Facebook profile, given the
    // error text used further down. TODO confirm.
    $email = mysqli_real_escape_string($DBDT, $user->email);
    // Accepts only letters, digits, "_", "+", "-" and "." around a single "@", ending in a
    // TLD of two or more letters (case-insensitive). A value that passes contains no quote
    // or backslash.
    // NOTE(review): the string-built queries that use $email rely on this check; prepared
    // statements would remove that coupling.
    $regex = "/^[_+a-z0-9-]+(\\.[_+a-z0-9-]+)*" . "@[a-z0-9-]+(\\.[a-z0-9-]{1,})*" . "\\.([a-z]{2,}){1}\$/i";
    if (!preg_match($regex, $email)) {
        // Stop on anything that does not look like an e-mail address.
        stderr($language["SORRY"], "E-mail is not valid");
        exit;
    }
    // Optional guard: when the "fbadmin" setting is on, accounts whose level has
    // admin_access = "yes" may not use this login path.
    // NOTE(review): with the setting off, privileged accounts can sign in through this path
    // too; consider making the restriction the default.
    if ($btit_settings["fbadmin"]) {
        // Look up the access level of the account that owns this e-mail address.
        $res2 = do_sqlquery("SELECT `ul`.`admin_access` FROM `{$TABLE_PREFIX}users` `u` INNER JOIN `{$TABLE_PREFIX}users_level` `ul` ON `u`.`id_level`=`ul`.`id` WHERE `u`.`email` ='" . $email . "'", true);
        // $row2 is null when no account has this e-mail; the comparison below is then false
        // and execution continues to the main lookup.
        $row2 = mysqli_fetch_assoc($res2);
        if ($row2["admin_access"] == "yes") {
            stderr($language["SORRY"], "I'm sorry Staff are not allowed to log in this way");
            exit;
        }
    }
    // Load the tracker account that owns this e-mail, joined to the linked forum member row
    // (SMF variants or IPB) when a forum bridge is configured.
    // NOTE(review): $email is concatenated into the statement; a prepared statement would be safer.
    $res = do_sqlquery("SELECT `u`.`salt`, `u`.`pass_type`, `u`.`username`, `u`.`id`, `u`.`random`, `u`.`password`" . (substr($FORUMLINK, 0, 3) == "smf" ? ", `u`.`smf_fid`, `s`.`passwd`" : ($FORUMLINK == "ipb" ? ", `u`.`ipb_fid`, `i`.`members_pass_hash`, `i`.`members_pass_salt`, `i`.`name`, `i`.`member_group_id`" : "")) . " FROM `{$TABLE_PREFIX}users` `u` " . (substr($FORUMLINK, 0, 3) == "smf" ? "LEFT JOIN `{$db_prefix}members` `s` ON `u`.`smf_fid`=`s`." . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "" : ($FORUMLINK == "ipb" ? "LEFT JOIN `{$ipb_prefix}members` `i` ON `u`.`ipb_fid`=`i`.`member_id`" : "")) . " WHERE `u`.`email` ='" . $email . "'", true);
    $row = mysqli_fetch_assoc($res);
    if (!$row) {
        // No local account uses this e-mail address.
        stderr($language["SORRY"], "You can not log in, your e-mail used with Facebook does not correspond with the e-mail you used here");
        exit;
    } else {
        // NOTE(review): the session is issued on an e-mail match alone; no password is checked
        // in this fragment. That is only sound if $user->email was obtained from a validated
        // identity-provider response with a verified address. Confirm upstream.
        logoutcookie();
        logincookie($row, $row["username"]);
        // NOTE(review): the SELECT above does not list `emailAddress` or `passwordSalt`, so
        // both array keys look unset here and the SMF branch likely never runs. Confirm
        // against the forum schema.
        if (substr($FORUMLINK, 0, 3) == "smf" && $email == $row["emailAddress"]) {
            set_smf_cookie($row["smf_fid"], $row["passwd"], $row["passwordSalt"]);
        } elseif ($FORUMLINK == "ipb") {
            set_ipb_cookie($row["ipb_fid"], $row["name"], $row["member_group_id"]);
        }
        // $url is set outside this fragment; confirm it cannot carry an unvalidated
        // request-supplied destination.
        redirect($url);
        die;
    }
}