-<?php\r
-/************************************************************************\r
- * MXChange v0.2.1 Start: 10/14/2003 *\r
- * =============== Last change: 04/28/2004 *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * File : what-login.php *\r
- * -------------------------------------------------------------------- *\r
- * Short description : Login area (redirects to the real login module) *\r
- * -------------------------------------------------------------------- *\r
- * Kurzbeschreibung : Loginbereich (leitet an das richtige Lgin-Modul *\r
- * weiter) *\r
- * -------------------------------------------------------------------- *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * Copyright (c) 2003 - 2008 by Roland Haeder *\r
- * For more information visit: http://www.mxchange.org *\r
- * *\r
- * This program is free software; you can redistribute it and/or modify *\r
- * it under the terms of the GNU General Public License as published by *\r
- * the Free Software Foundation; either version 2 of the License, or *\r
- * (at your option) any later version. *\r
- * *\r
- * This program is distributed in the hope that it will be useful, *\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *\r
- * GNU General Public License for more details. *\r
- * *\r
- * You should have received a copy of the GNU General Public License *\r
- * along with this program; if not, write to the Free Software *\r
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *\r
- * MA 02110-1301 USA *\r
- ************************************************************************/\r
-\r
-// Some security stuff...\r
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
-{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
- require($INC);\r
-}\r
-\r
-// Add description as navigation point\r
-ADD_DESCR("guest", basename(__FILE__));\r
-\r
-OPEN_TABLE("100%", "guest_content_align", "");\r
-global $DATA, $FATAL;\r
-\r
-// Initialize data\r
-$probe_nickname = false; $UID = false; $hash = "";\r
-unset($login); unset($online);\r
-\r
-if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])))\r
-{\r
- // Already logged in?\r
- $UID = $GLOBALS['userid'];\r
-}\r
- elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok'])))\r
-{\r
- // Set userid and crypt password when login data was submitted\r
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));\r
- if ($probe_nickname)\r
- {\r
- // Nickname entered\r
- $UID = SQL_ESCAPE($_POST['id']);\r
- }\r
- else\r
- {\r
- // Direct userid entered\r
- $UID = bigintval($_POST['id']);\r
- }\r
-}\r
- elseif (!empty($_POST['new_pass']))\r
-{\r
- // New password requested\r
- $UID = "0";\r
- if (!empty($_POST['id'])) $UID = $_POST['id'];\r
-}\r
- else\r
-{\r
- // Not logged in\r
- $UID = "0"; $hash = "";\r
-}\r
-\r
-$URL = ""; $ADD = "";\r
-// Set unset variables\r
-if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";\r
-if (empty($_GET['login'])) $_GET['login'] = "";\r
-\r
-if (IS_LOGGED_IN())\r
-{\r
- // Login immidiately...\r
- $URL = URL."/modules.php?module=login";\r
-}\r
- elseif (isset($_POST['ok']))\r
-{\r
- // Add last_login if available\r
- $LAST = "";\r
- if (GET_EXT_VERSION("sql_patches") >= "0.2.8")\r
- {\r
- $LAST = ", last_login";\r
- }\r
-\r
- // Check login data\r
- $password = "";\r
- if ($probe_nickname)\r
- {\r
- // Nickname entered\r
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",\r
- array($UID), __FILE__, __LINE__);\r
- list($UID2, $password, $online, $login) = SQL_FETCHROW($result);\r
- if (!empty($UID2)) $UID = $UID2;\r
- }\r
- else\r
- {\r
- // Direct userid entered\r
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",\r
- array(bigintval($UID), $hash), __FILE__, __LINE__);\r
- list($dmy, $password, $online, $login) = SQL_FETCHROW($result);\r
- }\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Valid data found so let's load the last login data\r
- if (isset($_POST['ok']))\r
- {\r
- // By default the hash is empty\r
- $hash = "";\r
-\r
- // Check for old MD5 passwords\r
- if ((strlen($password) == 32) && (md5($_POST['password']) == $password))\r
- {\r
- // Just set the hash to the password from DB... :)\r
- $hash = $password;\r
- }\r
- else\r
- {\r
- // Encrypt hash for comparsion\r
- $hash = generateHash($_POST['password'], substr($password, 0, -40));\r
- }\r
-\r
- if ($hash == $password)\r
- {\r
- // New hashed password found so let's generate a new one\r
- $hash = generateHash($_POST['password']);\r
-\r
- // ... and update database\r
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",\r
- array($hash, $UID), __FILE__, __LINE__);\r
-\r
- // No login bonus by default\r
- $BONUS = false;\r
-\r
- // Probe for last online timemark\r
- $probe = time() - $online;\r
- if (!empty($login)) $probe = time() - $login;\r
- if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $CONFIG['login_timeout']))\r
- {\r
- // Add login bonus to user's account\r
- $ADD = ", login_bonus=login_bonus+'".$CONFIG['login_bonus']."'";\r
- $BONUS = true;\r
-\r
- // Subtract login bonus from userid's account or jackpot\r
- if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus');\r
- }\r
-\r
-\r
- // Secure lifetime from input form\r
- $l = bigintval($_POST['lifetime']);\r
- $life = "-1";\r
- if ($l > 0)\r
- {\r
- // Calculate lifetime of cookies\r
- $life = time() + $l;\r
-\r
- // Calculate new hash with the secret key and master salt together\r
- $hash = generatePassString($hash);\r
-\r
- // Update cookies\r
- $login = (@setcookie("userid" , $UID , $life, COOKIE_PATH)\r
- && @setcookie("u_hash" , $hash, $life, COOKIE_PATH)\r
- && @setcookie("lifetime", $l , $life, COOKIE_PATH));\r
-\r
- // Update global array\r
- $GLOBALS['userid'] = $UID;\r
- $_COOKIE['u_hash'] = $hash;\r
- $_COOKIE['lifetime'] = $l;\r
- }\r
- else\r
- {\r
- // Check for login data\r
- $login = IS_LOGGED_IN();\r
- }\r
-\r
- if ($login)\r
- {\r
- // Update database records\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",\r
- array(bigintval($UID)), __FILE__, __LINE__);\r
- if (SQL_AFFECTEDROWS($link) == 1)\r
- {\r
- // Procedure to checking for login data\r
- if (($BONUS) && (EXT_IS_ACTIVE("bonus")))\r
- {\r
- // Bonus added (just displaying!)\r
- $URL = URL."/modules.php?module=chk_login&mode=bonus";\r
- }\r
- else\r
- {\r
- // Bonus not added\r
- $URL = URL."/modules.php?module=chk_login&mode=login";\r
- }\r
- }\r
- else\r
- {\r
- // Cannot update counter!\r
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED;\r
- }\r
- }\r
- else\r
- {\r
- // Cookies not setable!\r
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES;\r
- }\r
- }\r
- else\r
- {\r
- // Wrong password!\r
- $ERROR = CODE_WRONG_PASS;\r
- }\r
- }\r
- else\r
- {\r
- // Fatal error!\r
- $ERROR = CODE_LOGIN_FAILED;\r
- }\r
- }\r
- else\r
- {\r
- // Other account status?\r
- $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",\r
- array(bigintval($UID)), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Load status\r
- list($status) = SQL_FETCHROW($result);\r
- switch ($status)\r
- {\r
- case "LOCKED":\r
- $ERROR = CODE_ID_LOCKED;\r
- break;\r
-\r
- case "UNCONFIRMED":\r
- $ERROR = CODE_ID_UNCONFIRMED;\r
- break;\r
-\r
- default:\r
- $ERROR = CODE_UNKNOWN_STATUS;\r
- break;\r
- }\r
- }\r
- else\r
- {\r
- // ID not found!\r
- $ERROR = CODE_WRONG_ID;\r
- }\r
-\r
- // Construct URL\r
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR;\r
- }\r
-}\r
- elseif ((!empty($_POST['new_pass'])) && (isset($UID)))\r
-{\r
- // Compile email when found in address (only secure chars!)\r
- if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);\r
-\r
- // Set ID number when left empty\r
- if (empty($_POST['id'])) $_POST['id'] = "0";\r
-\r
- // Probe userid/nickname\r
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));\r
- if ($probe_nickname)\r
- {\r
- // Nickname entered\r
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",\r
- array(addslashes($UID), $_POST['email']), __FILE__, __LINE__);\r
- }\r
- else\r
- {\r
- // Direct userid entered\r
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",\r
- array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);\r
- }\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // This data is valid, so we create a new pass... :-)\r
- list($UID, $status) = SQL_FETCHROW($result);\r
-\r
- if ($status == "CONFIRMED")\r
- {\r
- // Ooppps, this was missing! ;-) We should update the database...\r
- $NEW_PASS = GEN_PASS();\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",\r
- array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);\r
-\r
- // Prepare data and message for email\r
- $DATA = array($NEW_PASS, getenv('REMOTE_ADDR'));\r
- $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID));\r
-\r
- // ... and send it away\r
- SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg);\r
-\r
- // Output note to user\r
- LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);\r
- }\r
- else\r
- {\r
- // Account is locked or unconfirmed\r
- switch ($status)\r
- {\r
- case "LOCKED" : $MSG = CODE_ID_LOCKED; break;\r
- case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break;\r
- }\r
-\r
- // Load URL\r
- LOAD_URL(URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG);\r
- }\r
- }\r
- else\r
- {\r
- // ID or email is wrong\r
- LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");\r
- }\r
-}\r
- else\r
-{\r
- // Login problems?\r
- if (!empty($_GET['login']))\r
- {\r
- // Ok, which one now?\r
- $MSG = "<TR>\r
- <TD width=\"10\"> </TD>\r
- <TD colspan=\"7\" align=\"center\">\r
- <STRONG><SPAN class=\"guest_failed\">";\r
- switch ($_GET['login'])\r
- {\r
- case CODE_WRONG_PASS:\r
- $MSG .= LOGIN_WRONG_PASS;\r
- break;\r
-\r
- case CODE_WRONG_ID:\r
- $MSG .= LOGIN_WRONG_ID;\r
- break;\r
-\r
- case CODE_ID_LOCKED:\r
- $MSG .= LOGIN_ID_LOCKED;\r
- break;\r
-\r
- case CODE_ID_UNCONFIRMED:\r
- $MSG .= LOGIN_ID_UNCONFIRMED;\r
- break;\r
-\r
- case CODE_NO_COOKIES:\r
- $MSG .= LOGIN_NO_COOKIES;\r
- break;\r
-\r
- default:\r
- $MSG .= LOGIN_WRONG_ID;\r
- break;\r
- }\r
- $MSG .= "</SPAN></STRONG>\r
- </TD>\r
- <TD width=\"10\"> </TD>\r
-</TR>\n";\r
- define ('LOGIN_FAILURE_MSG', $MSG);\r
- }\r
- else\r
- {\r
- // No problems, no output\r
- define ('LOGIN_FAILURE_MSG', "");\r
- }\r
- // Display login form with resend-password form\r
- if (EXT_IS_ACTIVE("nickname"))\r
- {\r
- LOAD_TEMPLATE("guest_nickname_login");\r
- }\r
- else\r
- {\r
- LOAD_TEMPLATE("guest_login");\r
- }\r
-}\r
-\r
-// Was an URL constructed?\r
-if (!empty($URL))\r
-{\r
- // URL was constructed\r
- if (!empty($FATAL[0]))\r
- {\r
- // Fatal errors!\r
- require_once(PATH."inc/fatal_errors.php");\r
- }\r
- else\r
- {\r
- // Load URL\r
- LOAD_URL($URL);\r
- }\r
-}\r
-\r
-CLOSE_TABLE();\r
-//\r
-?>\r
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 10/14/2003 *
+ * =============== Last change: 04/28/2004 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : what-login.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Login area (redirects to the real login module) *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Loginbereich (leitet an das richtige Lgin-Modul *
+ * weiter) *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
+{
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+
+// Add description as navigation point
+ADD_DESCR("guest", basename(__FILE__));
+
+OPEN_TABLE("100%", "guest_content_align", "");
+global $DATA, $FATAL;
+
+// Initialize data
+$probe_nickname = false; $UID = false; $hash = "";
+unset($login); unset($online);
+
+if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])))
+{
+ // Already logged in?
+ $UID = $GLOBALS['userid'];
+}
+ elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok'])))
+{
+ // Set userid and crypt password when login data was submitted
+ $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
+ if ($probe_nickname)
+ {
+ // Nickname entered
+ $UID = SQL_ESCAPE($_POST['id']);
+ }
+ else
+ {
+ // Direct userid entered
+ $UID = bigintval($_POST['id']);
+ }
+}
+ elseif (!empty($_POST['new_pass']))
+{
+ // New password requested
+ $UID = "0";
+ if (!empty($_POST['id'])) $UID = $_POST['id'];
+}
+ else
+{
+ // Not logged in
+ $UID = "0"; $hash = "";
+}
+
+$URL = ""; $ADD = "";
+// Set unset variables
+if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
+if (empty($_GET['login'])) $_GET['login'] = "";
+
+if (IS_LOGGED_IN())
+{
+ // Login immidiately...
+ $URL = URL."/modules.php?module=login";
+}
+ elseif (isset($_POST['ok']))
+{
+ // Add last_login if available
+ $LAST = "";
+ if (GET_EXT_VERSION("sql_patches") >= "0.2.8")
+ {
+ $LAST = ", last_login";
+ }
+
+ // Check login data
+ $password = "";
+ if ($probe_nickname)
+ {
+ // Nickname entered
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
+ array($UID), __FILE__, __LINE__);
+ list($UID2, $password, $online, $login) = SQL_FETCHROW($result);
+ if (!empty($UID2)) $UID = $UID2;
+ }
+ else
+ {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ array(bigintval($UID), $hash), __FILE__, __LINE__);
+ list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
+ }
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Valid data found so let's load the last login data
+ if (isset($_POST['ok']))
+ {
+ // By default the hash is empty
+ $hash = "";
+
+ // Check for old MD5 passwords
+ if ((strlen($password) == 32) && (md5($_POST['password']) == $password))
+ {
+ // Just set the hash to the password from DB... :)
+ $hash = $password;
+ }
+ else
+ {
+ // Encrypt hash for comparsion
+ $hash = generateHash($_POST['password'], substr($password, 0, -40));
+ }
+
+ if ($hash == $password)
+ {
+ // New hashed password found so let's generate a new one
+ $hash = generateHash($_POST['password']);
+
+ // ... and update database
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ array($hash, $UID), __FILE__, __LINE__);
+
+ // No login bonus by default
+ $BONUS = false;
+
+ // Probe for last online timemark
+ $probe = time() - $online;
+ if (!empty($login)) $probe = time() - $login;
+ if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $CONFIG['login_timeout']))
+ {
+ // Add login bonus to user's account
+ $ADD = ", login_bonus=login_bonus+'".$CONFIG['login_bonus']."'";
+ $BONUS = true;
+
+ // Subtract login bonus from userid's account or jackpot
+ if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
+ }
+
+
+ // Secure lifetime from input form
+ $l = bigintval($_POST['lifetime']);
+ $life = "-1";
+ if ($l > 0)
+ {
+ // Calculate lifetime of cookies
+ $life = time() + $l;
+
+ // Calculate new hash with the secret key and master salt together
+ $hash = generatePassString($hash);
+
+ // Update cookies
+ $login = (@setcookie("userid" , $UID , $life, COOKIE_PATH)
+ && @setcookie("u_hash" , $hash, $life, COOKIE_PATH)
+ && @setcookie("lifetime", $l , $life, COOKIE_PATH));
+
+ // Update global array
+ $GLOBALS['userid'] = $UID;
+ $_COOKIE['u_hash'] = $hash;
+ $_COOKIE['lifetime'] = $l;
+ }
+ else
+ {
+ // Check for login data
+ $login = IS_LOGGED_IN();
+ }
+
+ if ($login)
+ {
+ // Update database records
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
+ array(bigintval($UID)), __FILE__, __LINE__);
+ if (SQL_AFFECTEDROWS($link) == 1)
+ {
+ // Procedure to checking for login data
+ if (($BONUS) && (EXT_IS_ACTIVE("bonus")))
+ {
+ // Bonus added (just displaying!)
+ $URL = URL."/modules.php?module=chk_login&mode=bonus";
+ }
+ else
+ {
+ // Bonus not added
+ $URL = URL."/modules.php?module=chk_login&mode=login";
+ }
+ }
+ else
+ {
+ // Cannot update counter!
+ $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED;
+ }
+ }
+ else
+ {
+ // Cookies not setable!
+ $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES;
+ }
+ }
+ else
+ {
+ // Wrong password!
+ $ERROR = CODE_WRONG_PASS;
+ }
+ }
+ else
+ {
+ // Fatal error!
+ $ERROR = CODE_LOGIN_FAILED;
+ }
+ }
+ else
+ {
+ // Other account status?
+ $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ array(bigintval($UID)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Load status
+ list($status) = SQL_FETCHROW($result);
+ switch ($status)
+ {
+ case "LOCKED":
+ $ERROR = CODE_ID_LOCKED;
+ break;
+
+ case "UNCONFIRMED":
+ $ERROR = CODE_ID_UNCONFIRMED;
+ break;
+
+ default:
+ $ERROR = CODE_UNKNOWN_STATUS;
+ break;
+ }
+ }
+ else
+ {
+ // ID not found!
+ $ERROR = CODE_WRONG_ID;
+ }
+
+ // Construct URL
+ $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR;
+ }
+}
+ elseif ((!empty($_POST['new_pass'])) && (isset($UID)))
+{
+ // Compile email when found in address (only secure chars!)
+ if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);
+
+ // Set ID number when left empty
+ if (empty($_POST['id'])) $_POST['id'] = "0";
+
+ // Probe userid/nickname
+ $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
+ if ($probe_nickname)
+ {
+ // Nickname entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
+ array(addslashes($UID), $_POST['email']), __FILE__, __LINE__);
+ }
+ else
+ {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
+ array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
+ }
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // This data is valid, so we create a new pass... :-)
+ list($UID, $status) = SQL_FETCHROW($result);
+
+ if ($status == "CONFIRMED")
+ {
+ // Ooppps, this was missing! ;-) We should update the database...
+ $NEW_PASS = GEN_PASS();
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
+ array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);
+
+ // Prepare data and message for email
+ $DATA = array($NEW_PASS, getenv('REMOTE_ADDR'));
+ $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID));
+
+ // ... and send it away
+ SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg);
+
+ // Output note to user
+ LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);
+ }
+ else
+ {
+ // Account is locked or unconfirmed
+ switch ($status)
+ {
+ case "LOCKED" : $MSG = CODE_ID_LOCKED; break;
+ case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break;
+ }
+
+ // Load URL
+ LOAD_URL(URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG);
+ }
+ }
+ else
+ {
+ // ID or email is wrong
+ LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");
+ }
+}
+ else
+{
+ // Login problems?
+ if (!empty($_GET['login']))
+ {
+ // Ok, which one now?
+ $MSG = "<TR>
+ <TD width=\"10\"> </TD>
+ <TD colspan=\"7\" align=\"center\">
+ <STRONG><SPAN class=\"guest_failed\">";
+ switch ($_GET['login'])
+ {
+ case CODE_WRONG_PASS:
+ $MSG .= LOGIN_WRONG_PASS;
+ break;
+
+ case CODE_WRONG_ID:
+ $MSG .= LOGIN_WRONG_ID;
+ break;
+
+ case CODE_ID_LOCKED:
+ $MSG .= LOGIN_ID_LOCKED;
+ break;
+
+ case CODE_ID_UNCONFIRMED:
+ $MSG .= LOGIN_ID_UNCONFIRMED;
+ break;
+
+ case CODE_NO_COOKIES:
+ $MSG .= LOGIN_NO_COOKIES;
+ break;
+
+ default:
+ $MSG .= LOGIN_WRONG_ID;
+ break;
+ }
+ $MSG .= "</SPAN></STRONG>
+ </TD>
+ <TD width=\"10\"> </TD>
+</TR>\n";
+ define ('LOGIN_FAILURE_MSG', $MSG);
+ }
+ else
+ {
+ // No problems, no output
+ define ('LOGIN_FAILURE_MSG', "");
+ }
+ // Display login form with resend-password form
+ if (EXT_IS_ACTIVE("nickname"))
+ {
+ LOAD_TEMPLATE("guest_nickname_login");
+ }
+ else
+ {
+ LOAD_TEMPLATE("guest_login");
+ }
+}
+
+// Was an URL constructed?
+if (!empty($URL))
+{
+ // URL was constructed
+ if (!empty($FATAL[0]))
+ {
+ // Fatal errors!
+ require_once(PATH."inc/fatal_errors.php");
+ }
+ else
+ {
+ // Load URL
+ LOAD_URL($URL);
+ }
+}
+
+CLOSE_TABLE();
+//
+?>