X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=0.2.1%2Finc%2Fmodules%2Fguest%2Fwhat-login.php;h=d2aada311042d21c8794534e77466f5cb85cac0c;hb=7bc25dd08431c94ce9edca131d56c1a36b13c28a;hp=d4591e1368116a0c4dc3aca9853a91aae04c2f2f;hpb=157ee010917df5ca07e6d31b42f67417b2516d74;p=mailer.git
diff --git a/0.2.1/inc/modules/guest/what-login.php b/0.2.1/inc/modules/guest/what-login.php
index d4591e1368..d2aada3110 100644
--- a/0.2.1/inc/modules/guest/what-login.php
+++ b/0.2.1/inc/modules/guest/what-login.php
@@ -1,409 +1,409 @@
-= "0.2.8")
- {
- $LAST = ", last_login";
- }
-
- // Check login data
- $password = "";
- if ($probe_nickname)
- {
- // Nickname entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
- array($UID), __FILE__, __LINE__);
- list($UID2, $password, $online, $login) = SQL_FETCHROW($result);
- if (!empty($UID2)) $UID = $UID2;
- }
- else
- {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
- array(bigintval($UID), $hash), __FILE__, __LINE__);
- list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
- }
- if (SQL_NUMROWS($result) == 1)
- {
- // Valid data found so let's load the last login data
- if (isset($_POST['ok']))
- {
- // By default the hash is empty
- $hash = "";
-
- // Check for old MD5 passwords
- if ((strlen($password) == 32) && (md5($_POST['password']) == $password))
- {
- // Just set the hash to the password from DB... :)
- $hash = $password;
- }
- else
- {
- // Encrypt hash for comparsion
- $hash = generateHash($_POST['password'], substr($password, 0, -40));
- }
-
- if ($hash == $password)
- {
- // New hashed password found so let's generate a new one
- $hash = generateHash($_POST['password']);
-
- // ...
and update database
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
- array($hash, $UID), __FILE__, __LINE__);
-
- // No login bonus by default
- $BONUS = false;
-
- // Probe for last online timemark
- $probe = time() - $online;
- if (!empty($login)) $probe = time() - $login;
- if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $CONFIG['login_timeout']))
- {
- // Add login bonus to user's account
- $ADD = ", login_bonus=login_bonus+'".$CONFIG['login_bonus']."'";
- $BONUS = true;
-
- // Subtract login bonus from userid's account or jackpot
- if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
- }
-
-
- // Secure lifetime from input form
- $l = bigintval($_POST['lifetime']);
- $life = "-1";
- if ($l > 0)
- {
- // Calculate lifetime of cookies
- $life = time() + $l;
-
- // Calculate new hash with the secret key and master salt together
- $hash = generatePassString($hash);
-
- // Update cookies
- $login = (@setcookie("userid" , $UID , $life, COOKIE_PATH)
- && @setcookie("u_hash" , $hash, $life, COOKIE_PATH)
- && @setcookie("lifetime", $l , $life, COOKIE_PATH));
-
- // Update global array
- $GLOBALS['userid'] = $UID;
- $_COOKIE['u_hash'] = $hash;
- $_COOKIE['lifetime'] = $l;
- }
- else
- {
- // Check for login data
- $login = IS_LOGGED_IN();
- }
-
- if ($login)
- {
- // Update database records
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
- array(bigintval($UID)), __FILE__, __LINE__);
- if (SQL_AFFECTEDROWS($link) == 1)
- {
- // Procedure to checking for login data
- if (($BONUS) && (EXT_IS_ACTIVE("bonus")))
- {
- // Bonus added (just displaying!)
- $URL = URL."/modules.php?module=chk_login&mode=bonus";
- }
- else
- {
- // Bonus not added
- $URL = URL."/modules.php?module=chk_login&mode=login";
- }
- }
- else
- {
- // Cannot update counter!
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED;
- }
- }
- else
- {
- // Cookies not setable!
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES;
- }
- }
- else
- {
- // Wrong password!
- $ERROR = CODE_WRONG_PASS;
- }
- }
- else
- {
- // Fatal error!
- $ERROR = CODE_LOGIN_FAILED;
- }
- }
- else
- {
- // Other account status?
- $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
- array(bigintval($UID)), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
- // Load status
- list($status) = SQL_FETCHROW($result);
- switch ($status)
- {
- case "LOCKED":
- $ERROR = CODE_ID_LOCKED;
- break;
-
- case "UNCONFIRMED":
- $ERROR = CODE_ID_UNCONFIRMED;
- break;
-
- default:
- $ERROR = CODE_UNKNOWN_STATUS;
- break;
- }
- }
- else
- {
- // ID not found!
- $ERROR = CODE_WRONG_ID;
- }
-
- // Construct URL
- $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR;
- }
-}
- elseif ((!empty($_POST['new_pass'])) && (isset($UID)))
-{
- // Compile email when found in address (only secure chars!)
- if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);
-
- // Set ID number when left empty
- if (empty($_POST['id'])) $_POST['id'] = "0";
-
- // Probe userid/nickname
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
- if ($probe_nickname)
- {
- // Nickname entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
- array(addslashes($UID), $_POST['email']), __FILE__, __LINE__);
- }
- else
- {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
- array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
- }
- if (SQL_NUMROWS($result) == 1)
- {
- // This data is valid, so we create a new pass... :-)
- list($UID, $status) = SQL_FETCHROW($result);
-
- if ($status == "CONFIRMED")
- {
- // Ooppps, this was missing! ;-) We should update the database...
- $NEW_PASS = GEN_PASS();
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
- array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);
-
- // Prepare data and message for email
- $DATA = array($NEW_PASS, getenv('REMOTE_ADDR'));
- $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID));
-
- // ...
and send it away - SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg); - - // Output note to user - LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); - } - else - { - // Account is locked or unconfirmed - switch ($status) - { - case "LOCKED" : $MSG = CODE_ID_LOCKED; break; - case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; - } - - // Load URL - LOAD_URL(URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG); - } - } - else - { - // ID or email is wrong - LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); - } -} - else -{ - // Login problems? - if (!empty($_GET['login'])) - { - // Ok, which one now? - $MSG = " -   - - "; - switch ($_GET['login']) - { - case CODE_WRONG_PASS: - $MSG .= LOGIN_WRONG_PASS; - break; - - case CODE_WRONG_ID: - $MSG .= LOGIN_WRONG_ID; - break; - - case CODE_ID_LOCKED: - $MSG .= LOGIN_ID_LOCKED; - break; - - case CODE_ID_UNCONFIRMED: - $MSG .= LOGIN_ID_UNCONFIRMED; - break; - - case CODE_NO_COOKIES: - $MSG .= LOGIN_NO_COOKIES; - break; - - default: - $MSG .= LOGIN_WRONG_ID; - break; - } - $MSG .= " - -   -\n"; - define ('LOGIN_FAILURE_MSG', $MSG); - } - else - { - // No problems, no output - define ('LOGIN_FAILURE_MSG', ""); - } - // Display login form with resend-password form - if (EXT_IS_ACTIVE("nickname")) - { - LOAD_TEMPLATE("guest_nickname_login"); - } - else - { - LOAD_TEMPLATE("guest_login"); - } -} - -// Was an URL constructed? -if (!empty($URL)) -{ - // URL was constructed - if (!empty($FATAL[0])) - { - // Fatal errors! - require_once(PATH."inc/fatal_errors.php"); - } - else - { - // Load URL - LOAD_URL($URL); - } -} - -CLOSE_TABLE(); -// -?> += "0.2.8") + { + $LAST = ", last_login"; + } + + // Check login data + $password = ""; + if ($probe_nickname) + { + // Nickname entered + $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." 
 FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
+ array($UID), __FILE__, __LINE__);
+ list($UID2, $password, $online, $login) = SQL_FETCHROW($result);
+ if (!empty($UID2)) $UID = $UID2;
+ }
+ else
+ {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ array(bigintval($UID), $hash), __FILE__, __LINE__);
+ list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
+ }
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Valid data found so let's load the last login data
+ if (isset($_POST['ok']))
+ {
+ // By default the hash is empty
+ $hash = "";
+
+ // Check for old MD5 passwords
+ if ((strlen($password) == 32) && (md5($_POST['password']) == $password))
+ {
+ // Just set the hash to the password from DB... :)
+ $hash = $password;
+ }
+ else
+ {
+ // Encrypt hash for comparsion
+ $hash = generateHash($_POST['password'], substr($password, 0, -40));
+ }
+
+ if ($hash == $password)
+ {
+ // New hashed password found so let's generate a new one
+ $hash = generateHash($_POST['password']);
+
+ // ...
and update database
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ array($hash, $UID), __FILE__, __LINE__);
+
+ // No login bonus by default
+ $BONUS = false;
+
+ // Probe for last online timemark
+ $probe = time() - $online;
+ if (!empty($login)) $probe = time() - $login;
+ if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $CONFIG['login_timeout']))
+ {
+ // Add login bonus to user's account
+ $ADD = ", login_bonus=login_bonus+'".$CONFIG['login_bonus']."'";
+ $BONUS = true;
+
+ // Subtract login bonus from userid's account or jackpot
+ if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
+ }
+
+
+ // Secure lifetime from input form
+ $l = bigintval($_POST['lifetime']);
+ $life = "-1";
+ if ($l > 0)
+ {
+ // Calculate lifetime of cookies
+ $life = time() + $l;
+
+ // Calculate new hash with the secret key and master salt together
+ $hash = generatePassString($hash);
+
+ // Update cookies
+ $login = (@setcookie("userid" , $UID , $life, COOKIE_PATH)
+ && @setcookie("u_hash" , $hash, $life, COOKIE_PATH)
+ && @setcookie("lifetime", $l , $life, COOKIE_PATH));
+
+ // Update global array
+ $GLOBALS['userid'] = $UID;
+ $_COOKIE['u_hash'] = $hash;
+ $_COOKIE['lifetime'] = $l;
+ }
+ else
+ {
+ // Check for login data
+ $login = IS_LOGGED_IN();
+ }
+
+ if ($login)
+ {
+ // Update database records
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
+ array(bigintval($UID)), __FILE__, __LINE__);
+ if (SQL_AFFECTEDROWS($link) == 1)
+ {
+ // Procedure to checking for login data
+ if (($BONUS) && (EXT_IS_ACTIVE("bonus")))
+ {
+ // Bonus added (just displaying!)
+ $URL = URL."/modules.php?module=chk_login&mode=bonus";
+ }
+ else
+ {
+ // Bonus not added
+ $URL = URL."/modules.php?module=chk_login&mode=login";
+ }
+ }
+ else
+ {
+ // Cannot update counter!
+ $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED;
+ }
+ }
+ else
+ {
+ // Cookies not setable!
+ $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES;
+ }
+ }
+ else
+ {
+ // Wrong password!
+ $ERROR = CODE_WRONG_PASS;
+ }
+ }
+ else
+ {
+ // Fatal error!
+ $ERROR = CODE_LOGIN_FAILED;
+ }
+ }
+ else
+ {
+ // Other account status?
+ $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ array(bigintval($UID)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Load status
+ list($status) = SQL_FETCHROW($result);
+ switch ($status)
+ {
+ case "LOCKED":
+ $ERROR = CODE_ID_LOCKED;
+ break;
+
+ case "UNCONFIRMED":
+ $ERROR = CODE_ID_UNCONFIRMED;
+ break;
+
+ default:
+ $ERROR = CODE_UNKNOWN_STATUS;
+ break;
+ }
+ }
+ else
+ {
+ // ID not found!
+ $ERROR = CODE_WRONG_ID;
+ }
+
+ // Construct URL
+ $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR;
+ }
+}
+ elseif ((!empty($_POST['new_pass'])) && (isset($UID)))
+{
+ // Compile email when found in address (only secure chars!)
+ if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);
+
+ // Set ID number when left empty
+ if (empty($_POST['id'])) $_POST['id'] = "0";
+
+ // Probe userid/nickname
+ $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
+ if ($probe_nickname)
+ {
+ // Nickname entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
+ array(addslashes($UID), $_POST['email']), __FILE__, __LINE__);
+ }
+ else
+ {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
+ array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
+ }
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // This data is valid, so we create a new pass... :-)
+ list($UID, $status) = SQL_FETCHROW($result);
+
+ if ($status == "CONFIRMED")
+ {
+ // Ooppps, this was missing! ;-) We should update the database...
+ $NEW_PASS = GEN_PASS();
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
+ array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);
+
+ // Prepare data and message for email
+ $DATA = array($NEW_PASS, getenv('REMOTE_ADDR'));
+ $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID));
+
+ // ...
and send it away + SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg); + + // Output note to user + LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND); + } + else + { + // Account is locked or unconfirmed + switch ($status) + { + case "LOCKED" : $MSG = CODE_ID_LOCKED; break; + case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break; + } + + // Load URL + LOAD_URL(URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$MSG); + } + } + else + { + // ID or email is wrong + LOAD_TEMPLATE("admin_settings_saved", false, "".GUEST_WRONG_ID_EMAIL.""); + } +} + else +{ + // Login problems? + if (!empty($_GET['login'])) + { + // Ok, which one now? + $MSG = " +   + + "; + switch ($_GET['login']) + { + case CODE_WRONG_PASS: + $MSG .= LOGIN_WRONG_PASS; + break; + + case CODE_WRONG_ID: + $MSG .= LOGIN_WRONG_ID; + break; + + case CODE_ID_LOCKED: + $MSG .= LOGIN_ID_LOCKED; + break; + + case CODE_ID_UNCONFIRMED: + $MSG .= LOGIN_ID_UNCONFIRMED; + break; + + case CODE_NO_COOKIES: + $MSG .= LOGIN_NO_COOKIES; + break; + + default: + $MSG .= LOGIN_WRONG_ID; + break; + } + $MSG .= " + +   +\n"; + define ('LOGIN_FAILURE_MSG', $MSG); + } + else + { + // No problems, no output + define ('LOGIN_FAILURE_MSG', ""); + } + // Display login form with resend-password form + if (EXT_IS_ACTIVE("nickname")) + { + LOAD_TEMPLATE("guest_nickname_login"); + } + else + { + LOAD_TEMPLATE("guest_login"); + } +} + +// Was an URL constructed? +if (!empty($URL)) +{ + // URL was constructed + if (!empty($FATAL[0])) + { + // Fatal errors! + require_once(PATH."inc/fatal_errors.php"); + } + else + { + // Load URL + LOAD_URL($URL); + } +} + +CLOSE_TABLE(); +// +?>
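Review bot: Both password checks in the login branch compare hashes with loose `==` (`md5($_POST['password']) == $password` and `if ($hash == $password)`), so PHP may compare numeric-looking hash strings as numbers rather than byte for byte, and the comparison is not constant-time. Use `hash_equals($password, md5($_POST['password']))` and `if (hash_equals($password, $hash))`, or at least `===` on PHP versions without hash_equals(). Separately, the `new_pass` branch writes a new password with `UPDATE ... SET password='%s'` as soon as a userid or email matches, before the account owner has confirmed anything; sending a one-time confirmation link and changing the password only after it is used would keep a third party from forcing resets on other accounts. The opening of the enclosing if-block is not visible in the hunk as rendered here, so these points rest on the visible lines only.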