示例#1
        die;
    }
    $tpl->assign('SITE_TITLE', '{L_LOGIN_WELCOME} — {SITE_HEADER}');
    $tpl->assign('LOGIN_ACTION', './login.php');
}
if (defined('IN_LOGIN') && IN_LOGIN) {
    // Logout request: when the query string carries a `logout` parameter, call
    // the users module's logout() and send a redirect to ./acp.php.
    // NOTE(review): the trigger is a bare GET parameter and no request token is
    // checked in the visible code, so a cross-site request could end a user's
    // session. Confirm whether logout() itself validates one.
    if (isset($_GET['logout'])) {
        $mod->modules['users']->logout();
        // NOTE(review): header() only queues the redirect and nothing stops the
        // script here, so execution continues into the `$_SESSION['logged']`
        // check and the login handling below within the same request.
        header('Location: ./acp.php');
    }
    if (!$_SESSION['logged']) {
        if (isset($_POST['login_username'], $_POST['login_password_md5'], $_POST['login_challenge'])) {
            global $q, $syslog;
            $sql = new MySQLObject();
            $sql->query("DELETE FROM " . $q->table('login_challenges') . " WHERE (`chid` = " . intval($_POST['login_challenge']) . " AND `ip` = '" . $_SERVER['REMOTE_ADDR'] . "')");
            if (!$sql->affected()) {
                header('Location: ./loginbox.php');
            } else {
                $sql->query("DELETE FROM " . $q->table('login_challenges') . " WHERE (`ip` = '" . $_SERVER['REMOTE_ADDR'] . "')");
                $sql->query("SELECT `uid`,`username`,`password` FROM " . $q->table('users') . " WHERE (`username` = '" . $sql->escape($_POST['login_username']) . "')");
                if ($sql->num()) {
                    $user = $sql->fetch_one();
                    if ($_POST['login_password_md5'] == $user->password) {
                        session_destroy();
                        session_start();
                        $authkey = $mod->modules['users']->authkey();
                        if ($sql->query("UPDATE " . $q->table('users') . " SET `authkey` = '" . $authkey . "' WHERE (`uid` = " . $user->uid . ")")) {
                            $_SESSION['authkey'] = $authkey;
                            setcookie('authkey', $authkey);
                            $_SESSION['logged'] = true;
                            $_SESSION['uid'] = intval($user->uid);