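<?php
/*
 * Admin login bootstrap: handles the admin password-reminder request and,
 * while user_accounts is still empty, creates the first administrator.
 *
 * Depends on names defined outside this listing: dbOne(), dbRow(), dbQuery(),
 * __(), Password::getNew() and $sitedomain.
 *
 * NOTE(review): passwords are stored as unsalted MD5 and a reset mails the new
 * password in clear text. Moving to password_hash()/password_verify() and a
 * one-time reset link needs a coordinated change with every login check, so
 * it is flagged here rather than changed in place.
 * NOTE(review): addslashes() is used because it is the escaping this code base
 * already relies on; prefer bound parameters if the db* helpers support them.
 */

// Number of rows in user_accounts; zero means no account has been created yet.
$existing_accounts = dbOne('select count(id) as ids from user_accounts', 'ids');

if (isset($_REQUEST['action']) && $_REQUEST['action'] == __('remind')) {
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
    // Arrays and other non-strings are rejected before validation.
    if (is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // FILTER_VALIDATE_EMAIL accepts quote characters in the local part,
        // so a validated address still has to be escaped before it is
        // placed inside a SQL string literal.
        $emailSql = addslashes($email);
        $u = dbRow("SELECT * FROM user_accounts WHERE email='{$emailSql}'");
        // Truthiness covers both an empty row and a false/null "not found"
        // result; count() on a non-array fails on current PHP versions.
        if ($u) {
            $passwd = Password::getNew();
            dbQuery(
                "UPDATE user_accounts SET password=md5('" . addslashes($passwd)
                . "') WHERE email='{$emailSql}'"
            );
            // $email passed FILTER_VALIDATE_EMAIL, so it cannot carry CR/LF
            // into the additional headers.
            // NOTE(review): anyone who knows the address can trigger this
            // reset; there is no confirmation step or rate limit here.
            mail(
                $email,
                '[' . $sitedomain . '] admin password reset',
                'Your new password is "' . $passwd . '". Please log into the admin area and change it to something else.',
                "Reply-to: {$email}\nFrom: {$email}"
            );
        }
    }
}

// First-run setup: only reachable while no account exists.
// NOTE(review): until the first account is created, whoever submits this form
// first becomes the administrator; restrict access to the page during setup.
if (!$existing_accounts
    && isset($_REQUEST['email']) && is_string($_REQUEST['email'])
    && isset($_REQUEST['password']) && is_string($_REQUEST['password'])
) {
    $email = $_REQUEST['email'];
    $password = md5($_REQUEST['password']);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $message = __('Please make sure to use a valid email address');
    } else {
        // The listing carried a masked literal ("******") in the password
        // column, which left the hash computed above unused and the new
        // account without a usable password. $password is an MD5 hex digest,
        // so it is safe to interpolate.
        dbQuery(
            'insert into user_accounts set id=1,email="' . addslashes($email) . '",'
            . 'name="Administrator",password="' . $password . '",active=1,parent=0,'
            . 'date_created=now()'
        );
        dbQuery("insert into groups values(1,'administrators',0)");
        dbQuery("insert into users_groups values(1,1)");
        $message = 'User account created. Please login now (press F5 and choose '
            . 'to resubmit the login data)';
    }
}
?>
<html>
<head>
<title><?php echo __('Login');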
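/**
 * Displays the registration/reminder/login forms and processes the account
 * verification, login and password-reminder requests behind them.
 *
 * Every request value that reaches SQL in this function is escaped with
 * addslashes() first, matching the escaping the verification branch already
 * used. NOTE(review): addslashes() is a stop-gap; if the db* helpers (defined
 * elsewhere) can bind parameters, switch to that.
 *
 * NOTE(review): passwords are compared as unsalted MD5 and the clear-text
 * password is kept in $_SESSION['userdata']; both need a coordinated change
 * with the rest of the application and are flagged rather than altered here.
 *
 * @return string HTML of the forms
 */
function Privacy_controller() {
    // { variables
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
    $c = '';
    global $loggedin, $sitedomain, $DBVARS, $PAGEDATA;
    // }

    // { account verification link (email + hash in the query string)
    // Non-string values (e.g. email[]=x) are treated as absent.
    $hash = (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : '';
    $verifyEmail = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';
    if ($hash && $verifyEmail) {
        $emailSql = addslashes($verifyEmail);
        $hashSql = addslashes($hash);
        $r = dbRow("select * from user_accounts where email='" . $emailSql
            . "' and verification_hash='" . $hashSql . "'");
        // Truthiness covers an empty row as well as a false/null result.
        if (!$r) {
            die('that hash and email combination does not exist');
        }
        // Clearing the hash makes the verification link single-use.
        dbQuery("update user_accounts set verification_hash='',active=1 where ema"
            . "il='" . $emailSql . "' and verification_hash='" . $hashSql . "'");
        Core_mail($verifyEmail, '[' . $sitedomain . '] user verified',
            "Thank you,<br/><br/>your user account with us has now been verified. You"
            . " can login now using your email address and password.",
            "noreply@{$sitedomain}");
        // The original had unreachable statements after this return that
        // referenced an undefined $password; they have been dropped.
        return '<p>Thank you for registering.</p><p>Your account has now been'
            . ' verified.</p><p>Please <a href="/_r?type=privacy">click here</a>'
            . ' to login.</p>';
    }
    // }

    // { login, or re-validation of an already logged-in session
    if ($action === 'Login' || $loggedin) {
        // { variables
        if ($loggedin) {
            $email = (string) $_SESSION['userdata']['email'];
            $password = (string) $_SESSION['userdata']['password'];
        } else {
            $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email']))
                ? $_REQUEST['email'] : '';
            $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password']))
                ? $_REQUEST['password'] : '';
        }
        // }
        // Both values were previously concatenated into the query unescaped,
        // which let request data rewrite the WHERE clause of the
        // authentication check.
        $sql = 'select * from user_accounts where email="' . addslashes($email)
            . '" and password=md5("' . addslashes($password) . '") limit 1';
        $r = dbRow($sql);
        if ($r) {
            // { update session variables
            // NOTE(review): the session id is not regenerated on login;
            // consider session_regenerate_id() where the session is managed.
            $loggedin = 1;
            $r['password'] = $password;
            $_SESSION['userdata'] = $r;
            // }
            $userId = (int) $r['id'];
            dbQuery('update user_accounts set last_view=now() where id=' . $userId);
            if ($action === 'Login') {
                $redirect_url = '';
                $referer = isset($_REQUEST['login_referer'])
                    ? $_REQUEST['login_referer'] : null;
                // Only a same-site path is accepted as a redirect target. A
                // bare "starts with /" test also admits targets that browsers
                // resolve to another host ("//" or "/\" prefixes, or control
                // characters that are stripped from URLs), so those are
                // rejected here.
                if (is_string($referer)
                    && preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $referer)
                ) {
                    $redirect_url = $referer;
                } elseif (!empty($PAGEDATA->vars['userlogin_redirect_to'])) {
                    $p = Page::getInstance($PAGEDATA->vars['userlogin_redirect_to']);
                    $redirect_url = $p->getRelativeUrl();
                }
                dbQuery('update user_accounts set last_login=now() where id=' . $userId);
                if ($redirect_url != '') {
                    redirect($redirect_url);
                }
            }
            return Privacy_profileGet();
        } else {
            // Credentials no longer match: drop the stale session data.
            unset($_SESSION['userdata']);
        }
    }
    // }

    if ($c == '') {
        $c = $PAGEDATA->render();
    }

    // { password reminder
    if ($action === 'Remind') {
        // { variables
        $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email']))
            ? $_REQUEST['email'] : '';
        $emailSql = addslashes($email);
        // }
        $r = dbOne('select id from user_accounts where email="' . $emailSql . '"', 'id');
        if ($r) {
            // NOTE(review): the password is replaced as soon as the form is
            // submitted, with no confirmation link, so anyone who knows an
            // address can force a reset for that account.
            $p = Password::getNew();
            Core_mail($email, '[' . $sitedomain . '] user password changed',
                "Your new password:<br/><br/>" . $p, "noreply@{$sitedomain}");
            dbQuery('update user_accounts set password=md5("' . addslashes($p)
                . '") where email="' . $emailSql . '"');
            $c .= '<script defer="defer">$(function(){$("<strong>Please'
                . ' check your email for your new password.</strong>")'
                . '.dialog({modal:true,height:100,width:150});});</script>';
        } else {
            // NOTE(review): this response differs from the success case and
            // therefore reveals whether an address is registered.
            $c .= '<script>$(function(){$("<strong>No user account with that email '
                . 'address exists.</strong>").dialog({modal:true,height:100,width:15'
                . '0});});</script>';
        }
    }
    // }

    // Default visibility 3 = both bits set: login/reminder (1) and register (2).
    if (!isset($PAGEDATA->vars['userlogin_visibility'])
        || !$PAGEDATA->vars['userlogin_visibility']
    ) {
        $PAGEDATA->vars['userlogin_visibility'] = 3;
    }

    if (!$loggedin) { // show login and registration box
        $showLogin = $PAGEDATA->vars['userlogin_visibility'] & 1;
        $showRegister = $PAGEDATA->vars['userlogin_visibility'] & 2;
        $c .= '<div class="tabs"><ul>';
        // { menu
        if ($showLogin) {
            $c .= '<li><a href="#Privacy_controllerLoginBox">'
                . __('Login', 'core') . '</a></li>'
                . '<li><a href="#userPasswordReminder">'
                . __('Password reminder', 'core') . '</a></li>';
        }
        if ($showRegister) {
            $c .= '<li><a href="#userregistration">' . __('Register', 'core')
                . '</a></li>';
        }
        // }
        $c .= '</ul>';
        // { tabs
        if ($showLogin) {
            $c .= Privacy_loginForm() . Privacy_passwordReminderForm();
        }
        if ($showRegister) {
            $c .= Privacy_registrationController();
        }
        // }
        $c .= '</div>';
    }
    return $c;
}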