// Logout handler excerpt. The brace below closes a block that opens before this excerpt.
}
// A POSTed `code` is accepted as the session code ...
if (isset($_POST['code'])) {
    $code = $_POST['code'];
}
// ... but when a server-side PHP session exists, its ssid/code overwrite whatever the request supplied.
if (isset($_SESSION['ssid'])) {
    $ssid = $_SESSION['ssid'];
    $code = $_SESSION['code'];
}
// NOTE(review): without a PHP session, $ssid/$code come only from the request (any earlier
// assignment of $ssid is outside this excerpt), so whoever holds a session's id and code can
// deactivate it. Confirm that is the intended contract for API callers.
if (isset($_GET['ajax'])) {
    // API mode: answer in JSON and require an authorised caller before doing anything else.
    $ajax = true;
    header("Content-Type: application/json");
    // Bare expression statement with no effect; $api_caller is not assigned anywhere in this excerpt.
    // NOTE(review): check_api_access() presumably populates it by reference — verify in its definition.
    $api_caller;
    if (!check_api_access($api_caller)) {
        // Rejected callers receive $api_caller JSON-encoded as the whole response; the script stops here.
        die(json_encode($api_caller));
    }
    // Audit entry: caller id plus the session id being logged out (the session code is not logged).
    log_api_action($api_caller['id'], "logging out of session: " . $ssid);
}
$status = false;
$active = 0;
// Server-side revocation: set active = 0 on the row matching BOTH id and sessioncode.
// All three values are bound as integers ("iii"), so the query text never contains request data.
$session_deactivate_q = $mysql->prepare("UPDATE loginsessions set active = ? where id = ? and sessioncode = ?");
$session_deactivate_q->bind_param("iii", $active, $ssid, $code);
// NOTE(review): neither the return value of execute() nor the affected-row count is checked here,
// so a logout that matched no row is indistinguishable from a successful one in this excerpt.
$session_deactivate_q->execute();
$session_deactivate_q->close();
// Drop the identity-bearing keys individually, then destroy the session data on the server.
unset($_SESSION['id']);
unset($_SESSION['ip']);
unset($_SESSION['username']);
unset($_SESSION['email']);
unset($_SESSION['ssid']);
unset($_SESSION['title']);
unset($_SESSION['code']);
// session_destroy() removes the stored session data but does not expire the session cookie in
// the browser; no cookie clearing is visible in this excerpt.
session_destroy();
// Login handler excerpt. Credentials are read from the query string first, then from the POST
// body; when both are present the POST values win because they are assigned last.
// NOTE(review): a password passed in the query string ends up in web-server access logs, browser
// history and Referer headers. Accepting credentials from POST only would avoid that exposure.
if (isset($_GET['username']) and isset($_GET['password'])) {
    // stripslashes() removes backslashes from the submitted values before they are used.
    // NOTE(review): for the password this changes the secret itself (a password containing "\"
    // is silently altered); it looks like a magic-quotes leftover — confirm before removing.
    $username = stripslashes($_GET['username']);
    $password = stripslashes($_GET['password']);
}
if (isset($_POST['username']) and isset($_POST['password'])) {
    $username = stripslashes($_POST['username']);
    $password = stripslashes($_POST['password']);
}
if (isset($_GET['ajax'])) {
    // API mode: answer in JSON and require an authorised caller.
    $ajax = true;
    header("Content-Type: application/json");
    // Bare expression statement with no effect; $api_caller is not assigned in this excerpt.
    // NOTE(review): check_api_access() presumably populates it by reference — verify.
    $api_caller;
    if (!check_api_access($api_caller)) {
        die(json_encode($api_caller));
    }
    // NOTE(review): the "******" run on the next line is redaction/extraction damage in this
    // listing. The end of the log call, the closing brace of this `if`, and the
    // `$stmt = ...prepare(` that the SELECT string belongs to are missing, so the line is not
    // valid PHP as shown and is reproduced unchanged.
    log_api_action($api_caller['id'], "logging in to user: "******"SELECT state,password,password_salt,id from users where (username = ? or email = ?)");
// The submitted identifier is bound twice so it can match either the username or the email
// column; both are bound as strings, keeping request data out of the SQL text.
$stmt->bind_param('ss', $username, $username);
$stmt->execute();
// Result columns map in order: state -> $method, password -> $password_h,
// password_salt -> $password_salt, id -> $uid.
$stmt->bind_result($method, $password_h, $password_salt, $uid);
// NOTE(review): the return value of fetch() is not checked; what isValidMd5() does with the
// unpopulated $password_h of an unknown account is not visible here.
$stmt->fetch();
$stmt->close();
// Legacy-hash branch: taken when the stored value passes isValidMd5().
// NOTE(review): presumably this detects old MD5-format hashes so they can be upgraded on
// login — confirm against isValidMd5()/updatePassword().
if (isValidMd5($password_h)) {
    $cv_hash = cv_hash($password);
    // NOTE(review): `==` is a loose comparison. PHP compares two numeric-looking strings
    // numerically, so two different digests that both look like "0e<digits>" compare equal, and
    // the comparison is not constant-time. hash_equals($password_h, $cv_hash) avoids both
    // problems, provided cv_hash() returns a string.
    if ($password_h == $cv_hash) {
        // Password verified against the legacy hash: updatePassword() is called with the
        // plaintext, then the login is marked successful. The block continues past this excerpt.
        updatePassword($uid, $password);
        $login = true;
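// User-edit excerpt. It starts inside the if/elseif chain that builds the SET clause; the head of
// that chain and the loop around it are not shown. The visible branches append fixed
// "column = ?" literals, so column names are never taken from the request.
$param_keys[] = "img = ?";
} elseif ($key == "info") {
    $param_keys[] = "info = ?";
}
}
// NOTE(review): if no recognised key was supplied, $param_keys is empty and this produces
// "UPDATE users SET  WHERE id = ?"; prepare() would then fail. Whether an earlier guard prevents
// that is not visible in this excerpt.
$sql_q = "UPDATE users SET " . implode(',', $param_keys) . " WHERE id = ?";
$sql_s = $mysql->prepare($sql_q);
// Collect the bound values in the same order in which the placeholders were emitted above.
$params = new BindParam();
foreach ($change as $key => $value) {
    if ($key == "username") {
        $params->add('s', $value);
    } elseif ($key == "email") {
        $params->add('s', $value);
    } elseif ($key == "password") {
        // Store the hash, never the plaintext. The hash has to be the bound value: binding the
        // $params collector itself here would leave the computed hash unused and the new
        // password unsaved.
        $passhash = hashpass($value);
        $params->add('s', $passhash);
    } elseif ($key == "img") {
        $params->add('s', $value);
    } elseif ($key == "info") {
        $params->add('s', $value);
    }
}
// The trailing integer fills the "WHERE id = ?" placeholder.
$params->add('i', $uid);
// bind_param() takes its arguments by reference, hence the refValues() wrapper around the list.
call_user_func_array(array($sql_s, "bind_param"), refValues($params->get()));
$sql_s->execute();
$sql_s->close();
// Mask the password before the change set is written to the API audit log.
if (isset($change['password'])) {
    $change['password'] = '******';
}
// NOTE(review): the "******" run inside the next statement is redaction/extraction damage in this
// listing (the concatenated value between the two string literals is missing); the line is
// reproduced unchanged. The remaining change data (e.g. email, info) is logged as submitted.
log_api_action($api_caller['id'], "editing user: "******" change data: " . http_build_query($change));
// Closes a block that opens before this excerpt.
}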
// Session-info endpoint excerpt. It starts inside an `if` whose condition is not shown
// (presumably isset($_GET['code'])). The session code is read from the query string, then
// overridden by the POST body if present.
$code = $_GET['code'];
}
if (isset($_POST['code'])) {
    $code = $_POST['code'];
}
// "logincheck" mode: report only whether the (session id, session code) pair is currently active.
if (isset($_GET['logincheck'])) {
    $q = $mysql->prepare("SELECT active from loginsessions where id = ? and sessioncode = ?");
    // NOTE(review): both values are bound as strings ("ss") here but as integers ("ii") in the
    // lookup further down. Pick one type so both queries match identically.
    $q->bind_param("ss", $ssid, $code);
    $q->execute();
    $q->bind_result($active);
    // NOTE(review): fetch()'s return value is not checked; when no row matches, $active is never
    // populated and is encoded as-is in the response below.
    $q->fetch();
    $q->close();
    // Audit entry records the caller id and session id only (not the session code).
    log_api_action($api_caller['id'], "checking for active session: " . $ssid);
    die(json_encode(array("active" => $active)));
}
log_api_action($api_caller['id'], "fetching session info for session: " . $ssid);
// NOTE(review): the id/code pair works as a bearer credential for this endpoint, and the code is
// bound as an integer below. Whether guesses are rate-limited or the caller is authorised is
// decided outside this excerpt ($api_caller is set earlier) — verify.
// Loose `!= 0` guards: on PHP < 8 a non-numeric string compares equal to 0 and is rejected here;
// on PHP 8+ it passes this check and is then cast by the "ii" binding.
if ($ssid != 0 && $code != 0) {
    // Resolve the user id for an active session matching both id and session code.
    $session_uid_q = $mysql->prepare("SELECT uid from loginsessions where id = ? and sessioncode = ? and active = '1'");
    $session_uid_q->bind_param("ii", $ssid, $code);
    $session_uid_q->execute();
    $session_uid_q->bind_result($uid);
    $session_uid_q->fetch();
    // Loose comparison: an unpopulated (null) $uid from a query with no matching row equals "" and skips this branch.
    if ($uid != "") {
        // In the visible code the statement is closed only on this path; the else path is outside the excerpt.
        $session_uid_q->close();
        // Load the account fields for that user, with the rank title joined in from user_titles.
        $user_info_q = $mysql->prepare("SELECT users.id as id,username,email,rank,user_titles.title as title from users left join user_titles on user_titles.id = users.rank where users.id = ?");
        $user_info_q->bind_param("i", $uid);
        $user_info_q->execute();
        // Result columns map in order: id, username, email, rank, title. The block continues past this excerpt.
        $user_info_q->bind_result($id, $qusername, $qemail, $qrank, $qtitle);
        $user_info_q->fetch();