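/**
 * Look up the e-mail address stored for a member login (lost-password form).
 *
 * On every failure path the reason is written to $GLOBALS["error_detected"]
 * and null is returned, so callers must check the result before using it.
 *
 * NOTE(review): "this login doesn't exist" and the "no valid email" message
 * are distinct, so an unauthenticated visitor can tell whether a login is
 * registered. A single generic response would close that enumeration channel;
 * the strings are left unchanged here because they are translation keys that
 * other code may depend on.
 *
 * @param string $login Login name as submitted by the (unauthenticated) user.
 *
 * @return string|null The stored e-mail address, or null when the login is
 *                     empty, unknown, has no address, or the query failed.
 */
function isEmail($login)
{
    if (empty($login)) {
        $GLOBALS["error_detected"] = _T("empty login");
        return null;
    }

    // NOTE(review): $login is untrusted input. txt_sqls() is defined elsewhere
    // and is presumed to quote and escape the value for SQL -- confirm. A bound
    // parameter would not depend on that helper being correct.
    $req = "SELECT email_adh\n\t\t\t\tFROM " . PREFIX_DB . "adherents\n\t\t\t\tWHERE login_adh=" . txt_sqls($login);

    // Plain assignment: taking a reference to a method's return value is not
    // needed for objects and raises a notice on current PHP versions.
    $result = $GLOBALS["DB"]->Execute($req);

    // Execute() is assumed to return a falsy value when the query fails --
    // confirm against the DB layer. Without this guard a failed query would be
    // reported (and logged) as "account has no email address".
    if (!$result) {
        $GLOBALS["error_detected"] = _T("There was a database error");
        return null;
    }

    // NOTE(review): the two dblog() calls below write the submitted login to
    // the log verbatim. If dblog() does not neutralise line breaks or markup,
    // filter them here so a crafted login cannot forge or corrupt log entries.
    if ($result->EOF) {
        $GLOBALS["error_detected"] = _T("this login doesn't exist");
        dblog("Nonexistent login sent via the lost password form. Login:" . " \"" . $login . "\"");
        return null;
    }

    $email = $result->fields[0];
    if (empty($email)) {
        $GLOBALS["error_detected"] = _T("This account doesn't have a valid email address. Please contact an administrator.");
        dblog("Someone asked to recover his password but had no email. Login:" . " \"" . $login . "\"");
        return null;
    }

    return $email;
}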
} if (!isset($pref_lang)) { $pref_lang = PREF_LANG; } echo "<a href=\"self_adherent.php?pref_lang={$pref_lang}\">" . _T("Subscribe") . "</a>"; } // Authentication procedure if (isset($_POST["ident"])) { if ($_POST["login"] == PREF_ADMIN_LOGIN && $_POST["password"] == PREF_ADMIN_PASS || $_POST["login"] == PREF_ADMIN_LOGIN && md5($_POST["password"]) == PREF_ADMIN_PASS) { $_SESSION["logged_status"] = 1; $_SESSION["admin_status"] = 1; $_SESSION["logged_username"] = $_POST["login"]; $_SESSION["logged_nom_adh"] = "Admin"; dblog("Login"); } else { $requete = "SELECT id_adh, bool_admin_adh, nom_adh, prenom_adh, mdp_adh, pref_lang\n\t\t\t\t\tFROM " . PREFIX_DB . "adherents\n\t\t\t\t\tWHERE login_adh=" . txt_sqls($_POST["login"]) . "\n\t\t\t\t\tAND activite_adh='1'"; $resultat =& $DB->Execute($requete); if (!$resultat->EOF && ($resultat->fields[4] == $_POST["password"] || $resultat->fields[4] == md5($_POST["password"]))) { if ($resultat->fields[1] == "1") { $_SESSION["admin_status"] = 1; } $_SESSION["logged_id_adh"] = $resultat->fields[0]; $_SESSION["logged_status"] = 1; $_SESSION["logged_nom_adh"] = strtoupper($resultat->fields[2]) . " " . strtolower($resultat->fields[3]); $pref_lang = $resultat->fields[5]; setcookie("pref_lang", $pref_lang); dblog("Login"); } else { dblog("Authentication failed", $_POST["login"]); } }
if (strcmp($_POST["mdp_adh"], $_POST["mdp_adh2"])) { $error_detected[] = _T("- The passwords don't match!"); } else { $passwd = $_POST['mdp_adh']; if (strlen($passwd) < 4) { $error_detected[] = _T("- The password must be of at least 4 characters!"); } else { $passwd = md5($passwd); $query = "UPDATE " . PREFIX_DB . "adherents"; $query .= " SET mdp_adh = '{$passwd}'"; $query .= " WHERE id_adh = '{$id_adh}'"; if (!$DB->Execute($query)) { $warning_detected = _T("There was a database error"); } else { //delete temporary password from table $query = "DELETE from " . PREFIX_DB . "tmppasswds where tmp_passwd=" . txt_sqls($hash); if (!$DB->Execute($query)) { $warning_detected = _T("There was a database error"); } else { dblog("**Password changed**. id:" . " \"" . $id_adh . "\""); $warning_detected = _T("Password changed, you will be redirected to login page"); $head_redirect = "<meta http-equiv=\"refresh\" content=\"10;url=index.php\" />"; } } } } } } } else { header('location: index.php'); die;