Пример #1
<?php

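// Number of rows in user_accounts; read once here and reused by the
// first-run admin-creation check later in this script.
$existing_accounts = dbOne('select count(id) as ids from user_accounts', 'ids');

// Password reminder: generate a new password, store its hash, mail it out.
// NOTE(review): this resets the password for any known address without a
// confirmation step and sends the new password in clear text by mail. A
// single-use, expiring reset token would be the safer design; that needs
// schema and UI changes outside this block.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == __('remind')) {
    // Request parameters can arrive as arrays; only a string is a candidate.
    $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // FILTER_VALIDATE_EMAIL accepts quote characters in the local part, so a
        // "valid" address is still not safe to place inside an SQL string.
        // addslashes() is the escaping this project uses elsewhere; it is not
        // charset-aware, so move to a prepared statement if the db helpers
        // expose one (not visible from here).
        $email_sql = addslashes($email);
        $u = dbRow("SELECT * FROM user_accounts WHERE email='{$email_sql}'");
        // dbRow()'s "no match" value is not visible here; a truthiness test is
        // correct for both false and an empty array, whereas count() is not.
        if ($u) {
            $passwd = Password::getNew();
            // Hash in PHP so the clear-text password never appears in the SQL
            // text (and therefore not in query logs). The result is hex only.
            // NOTE(review): unsalted MD5 is not a password hash; migrating to
            // password_hash()/password_verify() also requires changing the
            // login check, which lives outside this block.
            $passwd_hash = md5($passwd);
            dbQuery("UPDATE user_accounts SET password='{$passwd_hash}' WHERE email='{$email_sql}'");
            // The address passed validation above, so it cannot carry CR/LF
            // into the extra headers.
            mail($email, '[' . $sitedomain . '] admin password reset', 'Your new password is "' . $passwd . '". Please log into the admin area and change it to something else.', "Reply-to: {$email}\nFrom: {$email}");
        }
    }
}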
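// First-run setup: while user_accounts is empty, the submitted email and
// password create the initial administrator (id 1) and its group.
// NOTE(review): this branch is open to any visitor until the first account
// exists, and it also runs if the count lookup yields a falsy value for some
// other reason (dbOne()'s failure value is not visible here). Confirm that
// the insert with id=1 fails safely when an account already exists.
if (
    !$existing_accounts
    && isset($_REQUEST['email'], $_REQUEST['password'])
    && is_string($_REQUEST['email'])
    && is_string($_REQUEST['password'])
) {
    $email = $_REQUEST['email'];
    // NOTE(review): unsalted MD5 is not a password hash; switching to
    // password_hash() must be done together with the login check.
    $password = md5($_REQUEST['password']);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $message = __('Please make sure to use a valid email address');
    } else {
        // The listing showed a literal "******" in the password column (it looks
        // masked) while the hash computed above was never used; store the hash
        // so the new account can actually log in. md5() output is hex only, so
        // it needs no escaping; the address is escaped because a valid email
        // may still contain quote characters.
        dbQuery('insert into user_accounts set id=1,email="' . addslashes($email) . '",' . 'name="Administrator",password="' . $password . '",active=1,parent=0,' . 'date_created=now()');
        dbQuery("insert into groups values(1,'administrators',0)");
        dbQuery("insert into users_groups values(1,1)");
        $message = 'User account created. Please login now (press F5 and choose ' . 'to resubmit the login data)';
    }
}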
?>
<html>
	<head>
		<title><?php 
echo __('Login');
Пример #2
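/**
 * Controller for the privacy page: handles the account-verification link,
 * login, and password reminder, then renders the login/reminder/registration
 * forms for visitors who are not logged in.
 *
 * Reads $_GET, $_REQUEST and $_SESSION directly, writes $_SESSION['userdata'],
 * and may end the request through die() or hand over to redirect().
 *
 * Security notes for maintainers:
 * - Every request value is escaped with addslashes() before it is placed in
 *   an SQL string. addslashes() is not charset-aware; replace it with prepared
 *   statements if the db helpers expose them (not visible from this function).
 * - Passwords are stored and compared as unsalted MD5, and the clear-text
 *   password is kept in the session so the login can be re-checked on later
 *   requests. Both need a coordinated migration (password_hash() plus a
 *   session that stores only the account id).
 * - The session id is not regenerated on login; consider
 *   session_regenerate_id(true) where the session is started.
 *
 * @return string HTML of the forms, the verification confirmation, or the
 *                result of Privacy_profileGet() after a successful login
 */
function Privacy_controller()
{
    // { variables
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
    $c = '';
    global $loggedin, $sitedomain, $DBVARS, $PAGEDATA;
    // }
    // { account verification link
    // Request parameters can arrive as arrays; only strings are accepted.
    $verify_email = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';
    $verify_hash = (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : '';
    // An empty hash never verifies: verified accounts have verification_hash=''.
    if ($verify_hash && $verify_email) {
        $where = "email='" . addslashes($verify_email) . "' and verification_hash='" . addslashes($verify_hash) . "'";
        $r = dbRow('select * from user_accounts where ' . $where);
        // dbRow()'s "no match" value is not visible here; a truthiness test is
        // correct for both false and an empty array, whereas count() is not.
        if (!$r) {
            die('that hash and email combination does not exist');
        }
        dbQuery("update user_accounts set verification_hash='',active=1 where " . $where);
        Core_mail($verify_email, '[' . $sitedomain . '] user verified', "Thank you,<br/><br/>your user account with us has now been verified. You" . " can login now using your email address and password.", "noreply@{$sitedomain}");
        return '<p>Thank you for registering.</p><p>Your account has now been' . ' verified.</p><p>Please <a href="/_r?type=privacy">click here</a>' . ' to login.</p>';
    }
    // }
    // { login, or re-check of an existing session
    if ($action == 'Login' || $loggedin) {
        // { variables
        if ($loggedin) {
            $email = isset($_SESSION['userdata']['email']) ? $_SESSION['userdata']['email'] : null;
            $password = isset($_SESSION['userdata']['password']) ? $_SESSION['userdata']['password'] : null;
        } else {
            $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
            $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
        }
        // }
        $r = false;
        if (is_string($email) && is_string($password)) {
            // The email is escaped and the password is hashed in PHP, so neither
            // value can change the shape of the query, and the clear-text
            // password never appears in the SQL text or in query logs.
            $sql = 'select * from user_accounts where email="' . addslashes($email) . '" and password="' . md5($password) . '" limit 1';
            $r = dbRow($sql);
        }
        if ($r) {
            // { update session variables
            $loggedin = 1;
            // NOTE(review): clear-text password in the session; kept because the
            // re-check above reads it back on later requests.
            $r['password'] = $password;
            $_SESSION['userdata'] = $r;
            // }
            $account_id = (int) $r['id'];
            dbQuery('update user_accounts set last_view=now() where id=' . $account_id);
            if ($action == 'Login') {
                $redirect_url = '';
                $referer = isset($_REQUEST['login_referer']) ? $_REQUEST['login_referer'] : null;
                // Accept only a same-site path: one leading slash that is not
                // followed by a second slash or a backslash (both are treated as
                // a host by browsers), and no control characters, which browsers
                // drop while parsing a URL.
                if (is_string($referer) && preg_match('#\A/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $referer) === 1) {
                    $redirect_url = $referer;
                } elseif (!empty($PAGEDATA->vars['userlogin_redirect_to'])) {
                    $p = Page::getInstance($PAGEDATA->vars['userlogin_redirect_to']);
                    $redirect_url = $p->getRelativeUrl();
                }
                dbQuery('update user_accounts set last_login=now() where id=' . $account_id);
                if ($redirect_url != '') {
                    redirect($redirect_url);
                }
            }
            return Privacy_profileGet();
        } else {
            // Failed login or stale session: drop any stored identity.
            unset($_SESSION['userdata']);
        }
    }
    // }
    if ($c == '') {
        $c = $PAGEDATA->render();
    }
    // { password reminder
    // NOTE(review): this resets the password for any known address without a
    // confirmation step, mails the new password in clear text, and tells the
    // visitor whether the address has an account. A single-use reset token and
    // a uniform response would be the safer design.
    if ($action == 'Remind') {
        // { variables
        $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
        $email_sql = addslashes($email);
        // }
        $r = dbOne('select id from user_accounts where email="' . $email_sql . '"', 'id');
        if ($r) {
            $p = Password::getNew();
            Core_mail($email, '[' . $sitedomain . '] user password changed', "Your new password:<br/><br/>" . $p, "noreply@{$sitedomain}");
            // Hashed in PHP: hex output only, and no clear text in the query.
            dbQuery('update user_accounts set password="' . md5($p) . '" where email="' . $email_sql . '"');
            $c .= '<script defer="defer">$(function(){$("<strong>Please' . ' check your email for your new password.</strong>")' . '.dialog({modal:true,height:100,width:150});});</script>';
        } else {
            $c .= '<script>$(function(){$("<strong>No user account with that email ' . 'address exists.</strong>").dialog({modal:true,height:100,width:15' . '0});});</script>';
        }
    }
    // }
    // Default visibility 3 = both bits set: login/reminder (1) and registration (2).
    if (!isset($PAGEDATA->vars['userlogin_visibility']) || !$PAGEDATA->vars['userlogin_visibility']) {
        $PAGEDATA->vars['userlogin_visibility'] = 3;
    }
    if (!$loggedin) {
        // show login and registration box
        $show_login = $PAGEDATA->vars['userlogin_visibility'] & 1;
        $show_register = $PAGEDATA->vars['userlogin_visibility'] & 2;
        $c .= '<div class="tabs"><ul>';
        // { menu
        if ($show_login) {
            $c .= '<li><a href="#Privacy_controllerLoginBox">' . __('Login', 'core') . '</a></li>' . '<li><a href="#userPasswordReminder">' . __('Password reminder', 'core') . '</a></li>';
        }
        if ($show_register) {
            $c .= '<li><a href="#userregistration">' . __('Register', 'core') . '</a></li>';
        }
        // }
        $c .= '</ul>';
        // { tabs
        if ($show_login) {
            $c .= Privacy_loginForm() . Privacy_passwordReminderForm();
        }
        if ($show_register) {
            $c .= Privacy_registrationController();
        }
        // }
        $c .= '</div>';
    }
    return $c;
}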