/**
 * Creates a new session.
 *
 * If cookies are disabled the page will be reloaded with session id added to query string.
 *
 * @param boolean Set to true if this function is called from sid_load()
 * @return object Data of the user who is calling this script
 */
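function sid_new() {
	global $config, $db, $gpc;

	// Purpose: insert a fresh row into the session table for the current visitor and return
	// the user object: a logged-in member when the "id|pw" cookie pair matches a user row,
	// otherwise a guest object.
	//
	// SECURITY: $this->cookiedata is used below as the "id|pw" pair that this function itself
	// writes into the client-side <cookie_prefix>_vdata cookie, so it has to be handled as
	// attacker-controlled input. It is escaped before it is placed into any SQL string.
	// NOTE(review): if the code that parses the cookie already escapes it, confirm this does
	// not double-escape; values made only of digits or hex characters are unaffected.

	// If a session row already exists for the member id in the cookie, hand over to sid_load().
	if (!$this->sidload && !array_empty($this->cookiedata)) {
		$cookieMid = $db->escape_string((string) $this->cookiedata[0]);
		$load = $db->query('SELECT mid FROM '.$db->pre.'session WHERE mid = "'.$cookieMid.'" LIMIT 1');
		if ($db->num_rows($load) == 1) {
			$this->sidload = true;
			return $this->sid_load();
		}
	}

	if (!array_empty($this->cookiedata) && count($this->cookiedata) == 2) {
		$cookieId = $db->escape_string((string) $this->cookiedata[0]);
		$cookiePw = $db->escape_string((string) $this->cookiedata[1]);
		// NOTE(review): the cookie carries the stored u.pw value and is accepted as the only
		// credential, so that stored value is password-equivalent: whoever can read it
		// (database dump, copied cookie) is authenticated until the password changes.
		// A random, server-side, revocable "remember me" token would remove that exposure.
		$result = $db->query('SELECT u.*, f.* FROM '.$db->pre.'user AS u LEFT JOIN '.$db->pre.'userfields as f ON f.ufid = u.id WHERE u.id = "'.$cookieId.'" AND u.pw = "'.$cookiePw.'" LIMIT 1');
		$my = $this->cleanUserData($db->fetch_object($result));
		$nodata = ($db->num_rows($result) != 1);
		if ($nodata) {
			// Login attempt with wrong data => reset the cookie and record the attempt.
			makecookie($config['cookie_prefix'].'_vdata', '|', 0);
			set_failed_login();
		}
	}
	else {
		$nodata = true;
	}

	// fetch_object()/cleanUserData() may not have produced an object (no matching row).
	if (!isset($my) || !is_object($my)) {
		$my = new stdClass();
	}

	// NOTE(review): presumably confirm == '11' marks a fully activated account; confirm.
	if (!$nodata && $my->confirm == '11') {
		$id = &$my->id;
		$lastvisit = $my->lastvisit;
		$my->clv = $my->lastvisit;
		$my->vlogin = true;
		// Re-issue the login cookie with the values just read from the database.
		makecookie($config['cookie_prefix'].'_vdata', $my->id."|".$my->pw);
	}
	else {
		// Guest: last visit comes from the (integer-filtered) vlastvisit cookie, and the
		// login cookie is overwritten with an empty pair and a negative lifetime.
		$id = 0;
		$lastvisit = $gpc->save_int(getcookie('vlastvisit'));
		$my->clv = $lastvisit;
		$my->vlogin = false;
		makecookie($config['cookie_prefix'].'_vdata', "|", -60);
	}

	$my->is_bot = $this->log_robot();

	// A new session id is generated for every session created here.
	$this->sid = $this->construct_sid();
	$my->sid = &$this->sid;
	$my->mark = serialize(array());
	$my->pwfaccess = serialize(array());
	$my->settings = serialize(array());

	$action = $gpc->get('action', str);
	$qid = $gpc->get('id', int);

	// NOTE(review): $this->sid, $this->ip, $action and SCRIPTNAME are interpolated without
	// escaping in this statement; their sanitising is not visible in this function, so verify
	// it where they are produced (in particular if the IP can come from a request header).
	$db->query("INSERT INTO {$db->pre}session
	(sid, mid, wiw_script, wiw_action, wiw_id, active, ip, user_agent, lastvisit, mark, pwfaccess, settings, is_bot) VALUES
	('{$this->sid}', '{$id}','".SCRIPTNAME."','{$action}','{$qid}','".time()."','{$this->ip}','".$gpc->save_str($this->user_agent)."','{$lastvisit}','".$db->escape_string($my->mark)."','".$db->escape_string($my->pwfaccess)."','".$db->escape_string($my->settings)."','{$my->is_bot}')");

	return $my;
}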
示例#2
                error('admin.php?action=index' . SID2URL_x, $lang->phrase('admin_requested_page_doesnot_exist'));
            }
        }
    }
} else {
    // Plugin hook: whatever $plugins->load() returns is executed with eval() in this scope.
    // NOTE(review): the origin of that code is not visible here; plugin storage must be
    // writable only by fully trusted administrators, since it runs with the script's privileges.
    ($code = $plugins->load('admin_notallowed')) ? eval($code) : null;
    // A logged-in member without the admin permission gets an error page pointing to index.php.
    // NOTE(review): presumably error() ends the request; if it does not, the login handling
    // below would still run for this user. Confirm.
    if ($my->p['admin'] == 0 && $my->vlogin) {
        echo head();
        error('index.php' . SID2URL_1, $lang->phrase('admin_not_allowed_to_view_this_page'));
    }
    include "classes/function.flood.php";
    // 'addr' is taken from the request and URL-decoded. In the visible lines it is only
    // re-encoded into the query string of admin.php.
    // NOTE(review): `none` presumably means no input filtering; whatever later consumes
    // addr as a navigation target should restrict it to local admin pages.
    $addr = rawurldecode($gpc->get('addr', none));
    if ($action == "login2") {
        // Credential check is delegated to sid_login(); its argument is passed as true here.
        $log_status = $slog->sid_login(true);
        if ($log_status == false) {
            // Count the failed attempt; the return value is compared with the configured maximum.
            $attempts = set_failed_login();
            // NOTE(review): the comparison is an equality, so a counter already above the maximum
            // takes the ordinary error branch. Whether set_failed_login() can exceed the maximum,
            // and where the lockout itself is enforced, is not visible here. Confirm.
            if ($attempts == $config['login_attempts_max']) {
                // No exit follows this redirect within the visible lines.
                header('Location: index.php' . SID2URL_1);
            } else {
                echo head();
                // The message does not say whether the user name or the password was wrong.
                error('admin.php' . iif(!empty($addr), '?addr=' . rawurlencode($addr)), $lang->phrase('admin_incorrect_username_or_password_entered'));
            }
        } else {
            // Successful login resets the failed-attempt counter.
            clear_login_attempts();
            echo head();
            ok('admin.php' . iif(!empty($addr), '?addr=' . rawurlencode($addr)), $lang->phrase('admin_successfully_logged_in'));
        }
    } else {
        // Any other action for a visitor without admin access shows the admin login form.
        echo head();
        AdminLogInForm();
    }
示例#3
    // Target to return to after the login attempt.
    // NOTE(review): $loc ends up in a Location header and in ok(); how getRedirectURL()
    // validates it is not visible here, so confirm it only yields same-site URLs without CR/LF.
    $loc = getRedirectURL();
    // Already logged in: refresh the session record, close the database and redirect.
    if ($my->vlogin) {
        $slog->updatelogged();
        $db->close();
        viscacha_header("Location: {$loc}");
        exit;
    }
    // Normalise the "remember me" flag to a boolean ($remember is set outside the visible lines).
    if ($remember == 1) {
        $remember = true;
    } else {
        $remember = false;
    }
    // Plugin hook: the returned code is executed with eval() in this scope.
    // NOTE(review): plugin storage must be writable only by fully trusted administrators.
    ($code = $plugins->load('log_login2')) ? eval($code) : null;
    $log_status = $slog->sid_login($remember);
    if ($log_status == false) {
        // Remaining attempts = configured maximum minus the count returned for this failure.
        $attempts = $config['login_attempts_max'] - set_failed_login();
        if ($attempts == 0) {
            // Limit reached: show the "blocked" message and send the visitor to index.php.
            error($lang->phrase('log_wrong_data_block'), "index.php" . SID2URL_1);
        } else {
            // NOTE(review): $can_try is not read in the visible lines; presumably the
            // 'log_wrong_data' phrase template picks it up. A negative remainder yields an
            // empty hint; confirm that the lockout is still enforced in that case.
            if ($attempts > 0) {
                $can_try = $lang->phrase('log_x_attempts');
            } else {
                $can_try = '';
            }
            // The redirect target is URL-encoded before being put back into the login URL.
            error($lang->phrase('log_wrong_data'), "log.php?action=login&redirect=" . rawurlencode($loc) . SID2URL_x);
        }
    } else {
        // Successful login resets the failed-attempt counter.
        clear_login_attempts();
        ok($lang->phrase('log_msglogin'), $loc);
    }
} elseif ($_GET['action'] == "logout") {