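/**
 * Render the login form and, when it was submitted, authenticate the user.
 *
 * On a successful login for an ACTIVE account this creates a session via
 * $this->create_session(), hands control to redirect_msg() and exits.
 * In every other case it returns the HTML of the login form, preceded by an
 * error block when the credentials were wrong or the account is not usable.
 *
 * Security notes:
 * - The stored credential is compared against md5(md5(md5($pass))): an
 *   unsalted, fast hash. Moving to password_hash()/password_verify() needs a
 *   schema and data migration and cannot be done inside this method alone.
 * - NOTE(review): no attempt limiting or lockout is visible in this method;
 *   confirm it is enforced elsewhere.
 *
 * @return string HTML of the login form (plus error block, if any)
 */
function login()
{
    site_title(lang('login_t'));
    page_title(lang('login_t'));
    $out = '';

    // Was the login form submitted?
    if (!empty($_POST['sub_login'])) {
        // Request fields are untrusted and may arrive as arrays (mail[]=...);
        // anything that is not a plain string is treated as empty.
        $mail = (isset($_POST['mail']) && is_string($_POST['mail'])) ? $_POST['mail'] : '';
        $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
        $red = (isset($_POST['red']) && is_string($_POST['red'])) ? $_POST['red'] : '';

        // The post-login redirect target comes from the request. Only follow
        // it when it stays on this site: an absolute URL under URL . '/' or a
        // site-local path ("/x", but not "//host" or "/\host"). Anything else
        // falls back to the site root, so the login form cannot be used to
        // bounce a freshly authenticated user to a third-party site.
        // NOTE(review): if legitimate targets live on sibling hosts, extend
        // this check with an explicit allow-list.
        $site_root = URL . '/';
        $has_ctrl_chars = preg_match('/[\x00-\x1f\x7f]/', $red) === 1;
        $is_site_url = strncmp($red, $site_root, strlen($site_root)) === 0;
        $is_local_path = preg_match('#^/(?![/\\\\])#', $red) === 1;
        if ($has_ctrl_chars || (!$is_site_url && !$is_local_path)) {
            $red = $site_root;
        }

        // Look the account up by e-mail and password hash in a single query.
        // The e-mail goes through ldb_escape(); the hash is hex-only output
        // of md5() and therefore safe to embed.
        $where = '`mail`=\'' . ldb_escape($mail) . '\' AND `passwd`=\'' . md5(md5(md5($pass))) . '\' LIMIT 1';
        $data = ldb_select('user', '*', $where);

        if (!$data) {
            // No matching account: expire any existing auth cookie and show
            // the generic "wrong login or password" message.
            setcookie(cfg('auth_int_cookie_name'), '', time() - 86400, '/', COOKIE_DOMAIN);
            $out .= '<div class="error_div"><p>' . lang('login_e_p') . '</p></div><br/>';
        } else {
            $data = $data[0];

            if ($data['status'] === 'ACTIVE') {
                // Credentials and status are fine: open the session and leave.
                $this->create_session($data['id']);

                // NOTE(review): $data['name'] is user-supplied profile data;
                // confirm redirect_msg() HTML-escapes the message it shows.
                $msg = str_replace('{NAME}', $data['name'], lang('login_ok'));
                redirect_msg($red, $msg);
                exit;
            }

            // These messages are only reachable with a correct password, so
            // they do not reveal account state to an unauthenticated caller.
            if ($data['status'] === 'NOT_ACTIVATED') {
                // Account exists but was never activated.
                $out .= '<div class="error_div">' . lang('login_e_a') . '</div>';
            } elseif ($data['status'] === 'BANNED') {
                // Account was banned.
                $out .= '<div class="error_div">' . lang('login_e_b') . '</div>';
            }
            // Any other status shows no message, only the form again.
        }
    }

    // Build the login form.
    $fg = new lform();
    $fg->add_title('Авторизироваться в системе');
    $fg->add_input('text', lang('register_mail'), 'mail');
    $fg->add_input('password', lang('register_password'), 'pass');
    $fg->add_input('submit', '', 'sub_login', 'Войти');
    $fg->add_input('raw',
        '<tr><td align="center" colspan="2" class="formgen_input_area"><a href="' . URL . '/user/lost_password/">' . lang('t_lostp') . '</a> / <a href="' . register_link() . '">' . lang('t_register') . '</a></td></tr>');
    $out .= $fg->get_form();

    return $out;
}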
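/**
 * Update the comment, TTL and prolong flag of one upload owned by the current
 * user and echo an <update .../> element describing the stored result.
 *
 * Reads `id`, `ttl`, `prol` and `comment` from $_GET. The requested TTL is
 * honoured only when it is a key of $GLOBALS['ttl']; otherwise
 * $GLOBALS['ttl_def'] is used. With prol=Y the deletion time is counted from
 * now, otherwise from the upload's `tms_upload`.
 *
 * NOTE(review): this changes state from GET parameters and no anti-CSRF token
 * check is visible in this method; confirm the caller enforces one.
 *
 * @return mixed result of $this->error() when the upload is missing or not
 *               owned by the current user; otherwise nothing (output is echoed)
 */
function update()
{
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

    $data = ldb_select_one('upload', '*', $id);

    // Ownership check: only the uploader may modify the record.
    // NOTE(review): the comparison is loose, so a NULL `uid` on the row would
    // match a current uid of 0/null; confirm that is intended.
    $owner = isset($data['uid']) ? $data['uid'] : null;
    if (!$data || $owner != $this->uid) {
        return $this->error('UPLOAD_NF', 'Upload is not found...');
    }

    // TTL is accepted only when it is one of the configured keys. It is then
    // forced to an integer because it is embedded in the SQL below unquoted.
    $ttl = (int) $GLOBALS['ttl_def'];
    $requested_ttl = (isset($_GET['ttl']) && is_scalar($_GET['ttl'])) ? $_GET['ttl'] : null;
    if ($requested_ttl !== null && isset($GLOBALS['ttl'][$requested_ttl])) {
        $ttl = (int) $requested_ttl;
    }

    $prol = isset($_GET['prol']) && $_GET['prol'] === 'Y';

    // Prolonged uploads expire relative to now, others relative to upload time.
    $tms_del = $prol ? time() + $ttl : (int) $data['tms_upload'] + $ttl;

    $comment = (isset($_GET['comment']) && is_string($_GET['comment'])) ? $_GET['comment'] : '';

    // Every value placed into the statement is either escaped (comment),
    // a fixed literal (Y/N) or an integer.
    ldb_query('UPDATE `upload` SET `comment`=\'' . ldb_escape($comment) . '\',`prolong`=\'' . ($prol ? 'Y' : 'N') . '\',`tms_delete`=' . (int) $tms_del . ',`ttl`=' . $ttl . ' WHERE `id`=' . $id);

    // Re-read the row so the response reflects what was actually stored.
    $data = ldb_select_one('upload', '*', $id);

    // Attribute values are escaped so stored data cannot break out of the
    // quoted attribute in the XML response.
    echo '<update status="ok" tms_delete="' . htmlspecialchars((string) $data['tms_delete'], ENT_QUOTES)
        . '" ttl="' . htmlspecialchars((string) $data['ttl'], ENT_QUOTES)
        . '" prolong="' . htmlspecialchars((string) $data['prolong'], ENT_QUOTES)
        . '" tms_last="' . htmlspecialchars((string) $data['tms_last'], ENT_QUOTES)
        . '"/>' . "\n";
}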
/**
 * Check a login / password pair against the `user` table.
 *
 * The stored `passwd` value is compared with md5(md5(md5(plaintext))). When
 * $is_md5 is true, $password is taken to be the first md5() of the plaintext
 * already, and only the two remaining rounds are applied.
 *
 * Security notes:
 * - With $is_md5 = true the single-MD5 digest is by itself enough to
 *   authenticate, so callers must treat that digest like the password.
 * - The MD5 chain is unsalted and fast; replacing it with
 *   password_hash()/password_verify() needs a data migration outside this
 *   function.
 *
 * @param string $login    e-mail address of the account
 * @param string $password plaintext password, or its md5() when $is_md5 is true
 * @param bool   $is_md5   whether $password is already md5-hashed once
 * @return mixed the matching user's id, or false when nothing matches
 */
function user_password($login, $password, $is_md5 = false)
{
    // Normalise to the once-hashed form first.
    $once_hashed = $is_md5 ? $password : md5($password);

    // Login is escaped; the hash is hex-only md5() output.
    $where = '`mail`=\'' . ldb_escape($login) . '\' AND `passwd`=\'' . md5(md5($once_hashed)) . '\' LIMIT 1';
    $rows = ldb_select('user', array('id'), $where);

    if (!$rows) {
        return false;
    }

    return $rows[0]['id'];
}